Re: Replication and user privileges

[Jim]

On 2/26/2019 1:57 PM, Jim wrote:

On 2/26/2019 9:44 AM, shawn l.green wrote:

Hello Jim,

On 2/25/2019 7:29 PM, Jim wrote:

On 2/25/2019 5:46 PM, shawn l.green wrote:

Hello Jim,

On 2/25/2019 5:04 PM, Jim wrote:
I have a question about mysql replication. I believe I understand 
most

of it, but have a question about user privileges.

I understand on the master, the replication user must have the
Repl_slave_priv privilege as described here:
https://dev.mysql.com/doc/refman/8.0/en/privileges-provided.html#priv_replication-slave 





My question is about what replication-related users and privileges 
must

exist on the slave.

So, for example, if an insert on the master that is to be 
replicated is

performed by user 'abc' with proper insert permissions on the master,
does that same 'abc' user with same insert permissions need to 
exist on

the slave as well?

In other words, what user is performing the replication operation 
on the

slave? I don't see any indication of users referenced in the bin logs
that I have examined on the master. Are user and privileges regarding
replicated queries irrelevant on the slave and that is handled all
internally via the replication thread with no regard to user 
privileges?


Thank you.
Jim



Your final supposition is correct. All privileges were checked and
verified on the master when the original command was executed. The
Replication system on the slave is going to repeat that change as well
as possible given the state of its copy of the data without regards to
"who originally performed this change" on the upstream master.

We do not store credentials in the Binary Log because they are not
important to either of the purposes of the Binary Log

* point-in-time recovery
or
* Replication (which is very much like an automated, continuous
point-in-time recovery)

===

That replication account you mentioned, on the master, is required to
give a slave (and you could have several) enough rights to read the
Binary Log and not much else. This allows you to create an account
that can login from a remote location with the "least privileges"
necessary to do its job. This minimizes your data's exposure should
that account become compromised.

Many other accounts could also have the REPL_SLAVE_PRIV privilege and
any of those could be used by a slave to do the same job. However
losing control over one of those more privileged accounts could pose a
higher risk to your data.




Thanks, Shawn. Your response confirms what I had assumed was happening.

So bottom line... what I plan to do is strip the various
insert/update/delete privileges from appropriate db users on my slaves.
I had placed them there originally because I thought they would be
needed for the replicated queries, but not true based on your response.

I only want the various mysql users used by my code to have select 
privs
on the slaves so that if somehow a slave was mistakenly written to 
via a
bug in my code, that write would fail and I would receive the error. 
The
slaves should only be used for selects and should never experience a 
write.


That would make sense based on our discussion, correct?

Thanks again.
Jim



As masters and slaves can exchange "positions" or "roles" (it depends 
on how you like to mentally visualize the relationship) within a 
replication graph in a failover situation, adding time to 
re-establish actual permissions using GRANT commands to reset user 
accounts to their old privileges may not be time you want to spend.


A cleaner, simpler solution is to set the --super-read-only flag in 
the server:
https://dev.mysql.com/doc/refman/8.0/en/server-system-variables.html#sysvar_super_read_only 



That way, you get the behavior you want (no writes to a read-only 
slave) without forcing differences to the content of your privileges 
tables within different nodes of your Replication setup.  Each node 
will remain a transactionally consistent copy of all the others 
(within the temporal limits of replication being an asynchronous 
process).


Yours,



Thanks, Shawn.

super-read-only looks perfect for what I want. I can keep my slaves 
with all the potential users needed to take over as master without 
risking unwanted writes.


Given how you read:
"If the |read_only| 
<https://dev.mysql.com/doc/refman/8.0/en/server-system-variables.html#sysvar_read_only> 
system variable is enabled, the server permits client updates only 
from users who have the |SUPER| 
<https://dev.mysql.com/doc/refman/8.0/en/privileges-provided.html#priv_super> 
privilege. If the |super_read_only| 
<https://dev.mysql.com/doc/refman/8.0/en/server-system-variables.html#sysvar_super_read_only> 
system variable is also enabled, the server prohibits client updates 
even from users who have |SUPER| 
<https://dev.mysql.com/doc/refman/8.0/en/privileges-provided.html#priv_super>."
One somewhat gets the impression that in order to enable 
super_read_only, one 

Re: Replication and user privileges

[Jim]

On 2/26/2019 9:44 AM, shawn l.green wrote:

Hello Jim,

On 2/25/2019 7:29 PM, Jim wrote:

On 2/25/2019 5:46 PM, shawn l.green wrote:

Hello Jim,

On 2/25/2019 5:04 PM, Jim wrote:

I have a question about mysql replication. I believe I understand most
of it, but have a question about user privileges.

I understand on the master, the replication user must have the
Repl_slave_priv privilege as described here:
https://dev.mysql.com/doc/refman/8.0/en/privileges-provided.html#priv_replication-slave 





My question is about what replication-related users and privileges 
must

exist on the slave.

So, for example, if an insert on the master that is to be 
replicated is

performed by user 'abc' with proper insert permissions on the master,
does that same 'abc' user with same insert permissions need to 
exist on

the slave as well?

In other words, what user is performing the replication operation 
on the

slave? I don't see any indication of users referenced in the bin logs
that I have examined on the master. Are user and privileges regarding
replicated queries irrelevant on the slave and that is handled all
internally via the replication thread with no regard to user 
privileges?


Thank you.
Jim



Your final supposition is correct. All privileges were checked and
verified on the master when the original command was executed. The
Replication system on the slave is going to repeat that change as well
as possible given the state of its copy of the data without regards to
"who originally performed this change" on the upstream master.

We do not store credentials in the Binary Log because they are not
important to either of the purposes of the Binary Log

* point-in-time recovery
or
* Replication (which is very much like an automated, continuous
point-in-time recovery)

===

That replication account you mentioned, on the master, is required to
give a slave (and you could have several) enough rights to read the
Binary Log and not much else. This allows you to create an account
that can login from a remote location with the "least privileges"
necessary to do its job. This minimizes your data's exposure should
that account become compromised.

Many other accounts could also have the REPL_SLAVE_PRIV privilege and
any of those could be used by a slave to do the same job. However
losing control over one of those more privileged accounts could pose a
higher risk to your data.




Thanks, Shawn. Your response confirms what I had assumed was happening.

So bottom line... what I plan to do is strip the various
insert/update/delete privileges from appropriate db users on my slaves.
I had placed them there originally because I thought they would be
needed for the replicated queries, but not true based on your response.

I only want the various mysql users used by my code to have select privs
on the slaves so that if somehow a slave was mistakenly written to via a
bug in my code, that write would fail and I would receive the error. The
slaves should only be used for selects and should never experience a 
write.


That would make sense based on our discussion, correct?

Thanks again.
Jim



As masters and slaves can exchange "positions" or "roles" (it depends 
on how you like to mentally visualize the relationship) within a 
replication graph in a failover situation, adding time to re-establish 
actual permissions using GRANT commands to reset user accounts to 
their old privileges may not be time you want to spend.


A cleaner, simpler solution is to set the --super-read-only flag in 
the server:
https://dev.mysql.com/doc/refman/8.0/en/server-system-variables.html#sysvar_super_read_only 



That way, you get the behavior you want (no writes to a read-only 
slave) without forcing differences to the content of your privileges 
tables within different nodes of your Replication setup.  Each node 
will remain a transactionally consistent copy of all the others 
(within the temporal limits of replication being an asynchronous 
process).


Yours,



Thanks, Shawn.

super-read-only looks perfect for what I want. I can keep my slaves with 
all the potential users needed to take over as master without risking 
unwanted writes.


Given how you read:
"If the |read_only| 
<https://dev.mysql.com/doc/refman/8.0/en/server-system-variables.html#sysvar_read_only> 
system variable is enabled, the server permits client updates only from 
users who have the |SUPER| 
<https://dev.mysql.com/doc/refman/8.0/en/privileges-provided.html#priv_super> 
privilege. If the |super_read_only| 
<https://dev.mysql.com/doc/refman/8.0/en/server-system-variables.html#sysvar_super_read_only> 
system variable is also enabled, the server prohibits client updates 
even from users who have |SUPER| 
<https://dev.mysql.com/doc/refman/8.0/en/privileges-provided.html#priv_super>."
One somewhat gets the impression that in order to enable 
super_read_only, one must also enable read_only.


However, base

Re: Replication and user privileges

[shawn l.green]

Hello Jim,

On 2/25/2019 7:29 PM, Jim wrote:

On 2/25/2019 5:46 PM, shawn l.green wrote:

Hello Jim,

On 2/25/2019 5:04 PM, Jim wrote:

I have a question about mysql replication. I believe I understand most
of it, but have a question about user privileges.

I understand on the master, the replication user must have the
Repl_slave_priv privilege as described here:
https://dev.mysql.com/doc/refman/8.0/en/privileges-provided.html#priv_replication-slave



My question is about what replication-related users and privileges must
exist on the slave.

So, for example, if an insert on the master that is to be replicated is
performed by user 'abc' with proper insert permissions on the master,
does that same 'abc' user with same insert permissions need to exist on
the slave as well?

In other words, what user is performing the replication operation on the
slave? I don't see any indication of users referenced in the bin logs
that I have examined on the master. Are user and privileges regarding
replicated queries irrelevant on the slave and that is handled all
internally via the replication thread with no regard to user privileges?

Thank you.
Jim



Your final supposition is correct. All privileges were checked and
verified on the master when the original command was executed. The
Replication system on the slave is going to repeat that change as well
as possible given the state of its copy of the data without regards to
"who originally performed this change" on the upstream master.

We do not store credentials in the Binary Log because they are not
important to either of the purposes of the Binary Log

* point-in-time recovery
or
* Replication (which is very much like an automated, continuous
point-in-time recovery)

===

That replication account you mentioned, on the master, is required to
give a slave (and you could have several) enough rights to read the
Binary Log and not much else. This allows you to create an account
that can login from a remote location with the "least privileges"
necessary to do its job. This minimizes your data's exposure should
that account become compromised.

Many other accounts could also have the REPL_SLAVE_PRIV privilege and
any of those could be used by a slave to do the same job. However
losing control over one of those more privileged accounts could pose a
higher risk to your data.




Thanks, Shawn. Your response confirms what I had assumed was happening.

So bottom line... what I plan to do is strip the various
insert/update/delete privileges from appropriate db users on my slaves.
I had placed them there originally because I thought they would be
needed for the replicated queries, but not true based on your response.

I only want the various mysql users used by my code to have select privs
on the slaves so that if somehow a slave was mistakenly written to via a
bug in my code, that write would fail and I would receive the error. The
slaves should only be used for selects and should never experience a write.

That would make sense based on our discussion, correct?

Thanks again.
Jim



As masters and slaves can exchange "positions" or "roles" (it depends on 
how you like to mentally visualize the relationship) within a 
replication graph in a failover situation, adding time to re-establish 
actual permissions using GRANT commands to reset user accounts to their 
old privileges may not be time you want to spend.


A cleaner, simpler solution is to set the --super-read-only flag in the 
server:

https://dev.mysql.com/doc/refman/8.0/en/server-system-variables.html#sysvar_super_read_only

That way, you get the behavior you want (no writes to a read-only slave) 
without forcing differences to the content of your privileges tables 
within different nodes of your Replication setup.  Each node will remain 
a transactionally consistent copy of all the others (within the temporal 
limits of replication being an asynchronous process).


Yours,

--
Shawn Green
MySQL Senior Principal Technical Support Engineer
Oracle USA, Inc. - Integrated Cloud Applications & Platform Services
Office: Blountville, TN

Become certified in MySQL! Visit https://www.mysql.com/certification/ 
for details.


--
MySQL General Mailing List
For list archives: http://lists.mysql.com/mysql
To unsubscribe:http://lists.mysql.com/mysql

Re: Replication and user privileges

[Jim]

On 2/25/2019 5:46 PM, shawn l.green wrote:

Hello Jim,

On 2/25/2019 5:04 PM, Jim wrote:

I have a question about mysql replication. I believe I understand most
of it, but have a question about user privileges.

I understand on the master, the replication user must have the
Repl_slave_priv privilege as described here:
https://dev.mysql.com/doc/refman/8.0/en/privileges-provided.html#priv_replication-slave 




My question is about what replication-related users and privileges must
exist on the slave.

So, for example, if an insert on the master that is to be replicated is
performed by user 'abc' with proper insert permissions on the master,
does that same 'abc' user with same insert permissions need to exist on
the slave as well?

In other words, what user is performing the replication operation on the
slave? I don't see any indication of users referenced in the bin logs
that I have examined on the master. Are user and privileges regarding
replicated queries irrelevant on the slave and that is handled all
internally via the replication thread with no regard to user privileges?

Thank you.
Jim



Your final supposition is correct. All privileges were checked and 
verified on the master when the original command was executed. The 
Replication system on the slave is going to repeat that change as well 
as possible given the state of its copy of the data without regards to 
"who originally performed this change" on the upstream master.


We do not store credentials in the Binary Log because they are not 
important to either of the purposes of the Binary Log


* point-in-time recovery
or
* Replication (which is very much like an automated, continuous 
point-in-time recovery)


===

That replication account you mentioned, on the master, is required to 
give a slave (and you could have several) enough rights to read the 
Binary Log and not much else. This allows you to create an account 
that can login from a remote location with the "least privileges" 
necessary to do its job. This minimizes your data's exposure should 
that account become compromised.


Many other accounts could also have the REPL_SLAVE_PRIV privilege and 
any of those could be used by a slave to do the same job. However 
losing control over one of those more privileged accounts could pose a 
higher risk to your data.





Thanks, Shawn. Your response confirms what I had assumed was happening.

So bottom line... what I plan to do is strip the various 
insert/update/delete privileges from appropriate db users on my slaves.
I had placed them there originally because I thought they would be 
needed for the replicated queries, but not true based on your response.


I only want the various mysql users used by my code to have select privs 
on the slaves so that if somehow a slave was mistakenly written to via a 
bug in my code, that write would fail and I would receive the error. The 
slaves should only be used for selects and should never experience a write.


That would make sense based on our discussion, correct?

Thanks again.
Jim

--
MySQL General Mailing List
For list archives: http://lists.mysql.com/mysql
To unsubscribe:http://lists.mysql.com/mysql

Re: Replication and user privileges

[shawn l.green]

Hello Jim,

On 2/25/2019 5:04 PM, Jim wrote:

I have a question about mysql replication. I believe I understand most
of it, but have a question about user privileges.

I understand on the master, the replication user must have the
Repl_slave_priv privilege as described here:
https://dev.mysql.com/doc/refman/8.0/en/privileges-provided.html#priv_replication-slave


My question is about what replication-related users and privileges must
exist on the slave.

So, for example, if an insert on the master that is to be replicated is
performed by user 'abc' with proper insert permissions on the master,
does that same 'abc' user with same insert permissions need to exist on
the slave as well?

In other words, what user is performing the replication operation on the
slave? I don't see any indication of users referenced in the bin logs
that I have examined on the master. Are user and privileges regarding
replicated queries irrelevant on the slave and that is handled all
internally via the replication thread with no regard to user privileges?

Thank you.
Jim



Your final supposition is correct. All privileges were checked and 
verified on the master when the original command was executed. The 
Replication system on the slave is going to repeat that change as well 
as possible given the state of its copy of the data without regards to 
"who originally performed this change" on the upstream master.


We do not store credentials in the Binary Log because they are not 
important to either of the purposes of the Binary Log


* point-in-time recovery
or
* Replication (which is very much like an automated, continuous 
point-in-time recovery)


===

That replication account you mentioned, on the master, is required to 
give a slave (and you could have several) enough rights to read the 
Binary Log and not much else. This allows you to create an account that 
can login from a remote location with the "least privileges" necessary 
to do its job. This minimizes your data's exposure should that account 
become compromised.


Many other accounts could also have the REPL_SLAVE_PRIV privilege and 
any of those could be used by a slave to do the same job. However losing 
control over one of those more privileged accounts could pose a higher 
risk to your data.



--
Shawn Green
MySQL Senior Principal Technical Support Engineer
Oracle USA, Inc. - Integrated Cloud Applications & Platform Services
Office: Blountville, TN

Become certified in MySQL! Visit https://www.mysql.com/certification/ 
for details.


--
MySQL General Mailing List
For list archives: http://lists.mysql.com/mysql
To unsubscribe:http://lists.mysql.com/mysql

Replication and user privileges

[Jim]

I have a question about mysql replication. I believe I understand most 
of it, but have a question about user privileges.


I understand on the master, the replication user must have the 
Repl_slave_priv privilege as described here:

https://dev.mysql.com/doc/refman/8.0/en/privileges-provided.html#priv_replication-slave

My question is about what replication-related users and privileges must 
exist on the slave.


So, for example, if an insert on the master that is to be replicated is 
performed by user 'abc' with proper insert permissions on the master, 
does that same 'abc' user with same insert permissions need to exist on 
the slave as well?


In other words, what user is performing the replication operation on the 
slave? I don't see any indication of users referenced in the bin logs 
that I have examined on the master. Are user and privileges regarding 
replicated queries irrelevant on the slave and that is handled all 
internally via the replication thread with no regard to user privileges?


Thank you.
Jim

--
MySQL General Mailing List
For list archives: http://lists.mysql.com/mysql
To unsubscribe:http://lists.mysql.com/mysql

Re: Last established connection timestamp by a specific user

[Singer Wang]

Unfortunately not with the standard configuration.

You're best bet going forward would be to look at
MySQL Enterprise Audit -
https://www.mysql.com/products/enterprise/audit.html


On Tue, Oct 10, 2017 at 3:54 PM, Gone, Sajan <sg...@lb.com> wrote:

> Hi,
>
>We have a MySQL instance which is currently running on version
> `5.7.11-enterprise-commercial-advanced-log`.  On this instance I am
> trying to figure out the most recent timestamp at which a specific user has
> established a connection to this instance (or) performed any DML operations
> which might have changed the status of the database.
>
> Is there any way I can get such information from the 
> information_schema/performance_schema
> tables (or) from any of the mysql logs?
>
> Thank You,
> Sajan Gone
> Database Administrator.
>
> 
>
> Notice: This communication may contain privileged and/or confidential
> information. If you are not the intended recipient, please notify the
> sender by email, and immediately delete the message and any attachments
> without copying or disclosing them. LB may, for any reason, intercept,
> access, use, and disclose any information that is communicated by or
> through, or which is stored on, its networks, applications, services, and
> devices.
>

Last established connection timestamp by a specific user

[Gone, Sajan]

Hi,

   We have a MySQL instance which is currently running on version 
`5.7.11-enterprise-commercial-advanced-log`.  On this instance I am trying to 
figure out the most recent timestamp at which a specific user has established a 
connection to this instance (or) performed any DML operations which might have 
changed the status of the database.

Is there any way I can get such information from the 
information_schema/performance_schema tables (or) from any of the mysql logs?

Thank You,
Sajan Gone
Database Administrator.



Notice: This communication may contain privileged and/or confidential 
information. If you are not the intended recipient, please notify the sender by 
email, and immediately delete the message and any attachments without copying 
or disclosing them. LB may, for any reason, intercept, access, use, and 
disclose any information that is communicated by or through, or which is stored 
on, its networks, applications, services, and devices.

QxOrm 1.4.1 released : new documentation (user guide), and boost::serialization becomes optional

[QxOrm contact]

Hello,

*QxOrm 1.4.1 just released !* <http://www.qxorm.com/>


Changes in version QxOrm 1.4.1 :
*!!! IMPORTANT NOTE ABOUT THIS VERSION !!!* : it is strongly recommended to
read the QxOrm.pri configuration file
<http://www.qxorm.com/qxorm_en/manual.html#manual_220> of this new version
(compilation options have changed compared to previous versions).
Now, by default, QxOrm library is a much lighter library : QxOrm depends
only on *QtCore* and *QtSql* (boost serialization is now optional and not
required by default).
By default, serialization engine is now based on Qt *QDataStream* class
(but you can still enable boost serialization defining *
_QX_ENABLE_BOOST_SERIALIZATION* compilation option in QxOrm.pri
configuration file).
So now, with default options :
 - QxOrm 1.4.1 is much easier to install because you don't have to deal
with boost serialization extra dependency ;
 - QxOrm 1.4.1 shared library is 3X smaller than 1.3.2 version ;
 - Generated binaries which depends on QxOrm library are 25% smaller ;
 - If you are not using serialization functions in current projects based
on QxOrm library, then you can define or not
*_QX_ENABLE_BOOST_SERIALIZATION* compilation option without changing any
line of your source code.


Here are all other changes of version QxOrm 1.4.1 :
 - Improve relationships engine : possibility to select columns to fetch
using syntax : my_relation { col_1, col_2, etc... }
<http://www.qxorm.com/qxorm_en/manual.html#manual_3850> ;
 - Improve QxTraits module
<http://www.qxorm.com/doxygen/html/group___qx_traits.html> to reduce
compilation times and build smaller binaries ;
 - Improve QxOrm website adding possibility to search and replacing the old
FAQ <http://www.qxorm.com/qxorm_en/faq.html> by a more organized manual
(user guide) <http://www.qxorm.com/qxorm_en/manual.html> ;
 - New compilation option *_QX_ENABLE_BOOST_SERIALIZATION* to enable boost
serialization dependency (read QxOrm.pri configuration file for more
details) ;
 - New compilation option *_QX_ENABLE_QT_NETWORK* to enable QxService module
<http://www.qxorm.com/qxorm_en/manual.html#manual_80> (transfer persistent
layer over network) : read QxOrm.pri configuration file for more details ;
 - New compilation option *_QX_NO_RTTI* to build QxOrm library without C++
RTTI type information ;
 - Support QDataStream Qt serialization engine
<http://www.qxorm.com/qxorm_en/manual.html#manual_600> (used by default
when *_QX_ENABLE_BOOST_SERIALIZATION* compilation option is not defined) ;
 - Improve qx_query class
<http://www.qxorm.com/qxorm_en/manual.html#manual_3600> (SQL queries) : new
method (named *customOperator()*) which gives the possibility to define a
custom operator (for example <@ for PostgreSQL ltree type) ;
 - Fix a program startup issue due to 'static initialization order fiasco'
creating singletons (it was an issue with some compilers during the shared
library link process) ;
 - New namespace qx::dao::throwable : same functions as qx::dao namespace
<http://www.qxorm.com/doxygen/html/namespaceqx_1_1dao.html>, but they throw
a *qx::dao::sql_error* exception when a SQL error occurred (instead of
returning a *QSqlError* instance) ;
 - Add a *qAssertMsg()* macro to put a more explicit error message when
throwing an assertion ;
 - Include all **.inl* files (template implementation) in QxOrm.pro project
file : QtCreator can now index these **.inl* files in its project treeview ;
 - Rename *QxStringCvt* to *QxConvert* : so if you persist custom types to
database, you have to rename from *QxStringCvt_FromVariant,
QxStringCvt_ToVariant* to *QxConvert_FromVariant, QxConvert_ToVariant*.


You can download latest version of *QxOrm library* and *QxEntityEditor
application* on QxOrm website. <http://www.qxorm.com/>


Regards,


Lionel Marty - QxOrm library

Re: When to create a new user?

[Jan Steinman]

 From: Richard Reina gatorre...@gmail.com
 
 I am writing a web application... As new users sign up for
 the application should each get their own MySQL username and password or is
 okay to execute their queries with the same (one generic) MySQL username
 and password?

As others have said, it sounds like one SQL user.

Think of MySQL users as roles, rather than users. Segregate these roles 
according to how much trust you have in the user behind the role, and how much 
damage that role could perform.

You may want a separate MySQL user that can only INSERT, for example, but 
without DELETE permission.

 Be a light, not a judge. Be a model, not a critic. Be part of the 
solution, not part of the problem. -- Stephen R. Covey
 Jan Steinman, EcoReality Co-op 


--
MySQL General Mailing List
For list archives: http://lists.mysql.com/mysql
To unsubscribe:http://lists.mysql.com/mysql

Re: When to create a new user?

[Jim]

On 8/19/2015 9:24 AM, Reindl Harald wrote:


Am 19.08.2015 um 15:18 schrieb Jim:

On 8/19/2015 8:40 AM, Reindl Harald wrote:


Am 19.08.2015 um 14:29 schrieb Richard Reina:

I am writing a web application in perl that will create, edit, update
and
delete data from a MySQL database. I have written a perl module that
will
manage the connections (issue database handles ). As new users sign up
for
the application should each get their own MySQL username and password
or is
okay to execute their queries with the same (one generic) MySQL
username
and password?


one generic for the application

since you normally never ever should connect as root to your application
it even don't have the permissions to add mysql-users

how would you even imagine working with a usertable on your applications
side which is for every user different - chicken/egg


One generic, non-admin user is what you'll find in most apps.

Some developers take the approach of creating several users based on
level of operation and least privilege, particularly for public facing
scripts.

So, for example, if the operation is to delete data, that might be one
user. Perhaps there is some very sensitive data in the environment and
you'll create a given user for accessing that data and no other user has
access to that data.

Each user is given no greater access than is required based on the
intent of that user.

Then the given script connects with the appropriate user here.

Of course, you should program against and have defenses for db-related
vulnerabilities like SQL-injection, but the thinking with the multiple
users is if you had a script that was vulnerable to some exploit, the
damage would be limited to the privileges of the mysql user used to
connect to your database. It's a bit harder to manage and requires some
more planning up front, but it adds to damage control in case of a db
related exploit. You'd make this call based on how sensitive and
important your data is and how much effort you are willing to put into
the planning and design.


yes, but what has this all to do with As new users sign up for the
application and create a own mysql-user for each application user?



OP's question was generic on when to create db users. I provided an 
alternative (arguably more secure for public facing scripts) to a single 
user per app... again... depends on the value of the data and level of 
programming effort.


Read it; don't read it; use it or don't. It's more information and adds 
to the education of anyone interested. If not used now, there might be a 
future case or someone else reading this that might consider the approach.



--
MySQL General Mailing List
For list archives: http://lists.mysql.com/mysql
To unsubscribe:http://lists.mysql.com/mysql

Re: When to create a new user?

[Reindl Harald]

Am 19.08.2015 um 15:18 schrieb Jim:

On 8/19/2015 8:40 AM, Reindl Harald wrote:


Am 19.08.2015 um 14:29 schrieb Richard Reina:

I am writing a web application in perl that will create, edit, update
and
delete data from a MySQL database. I have written a perl module that
will
manage the connections (issue database handles ). As new users sign up
for
the application should each get their own MySQL username and password
or is
okay to execute their queries with the same (one generic) MySQL username
and password?


one generic for the application

since you normally never ever should connect as root to your application
it even don't have the permissions to add mysql-users

how would you even imagine working with a usertable on your applications
side which is for every user different - chicken/egg


One generic, non-admin user is what you'll find in most apps.

Some developers take the approach of creating several users based on
level of operation and least privilege, particularly for public facing
scripts.

So, for example, if the operation is to delete data, that might be one
user. Perhaps there is some very sensitive data in the environment and
you'll create a given user for accessing that data and no other user has
access to that data.

Each user is given no greater access than is required based on the
intent of that user.

Then the given script connects with the appropriate user here.

Of course, you should program against and have defenses for db-related
vulnerabilities like SQL-injection, but the thinking with the multiple
users is if you had a script that was vulnerable to some exploit, the
damage would be limited to the privileges of the mysql user used to
connect to your database. It's a bit harder to manage and requires some
more planning up front, but it adds to damage control in case of a db
related exploit. You'd make this call based on how sensitive and
important your data is and how much effort you are willing to put into
the planning and design.


yes, but what has this all to do with As new users sign up for the 
application and create a own mysql-user for each application user?




signature.asc
Description: OpenPGP digital signature

Re: When to create a new user?

[Jim]

On 8/19/2015 8:40 AM, Reindl Harald wrote:


Am 19.08.2015 um 14:29 schrieb Richard Reina:

I am writing a web application in perl that will create, edit, update and
delete data from a MySQL database. I have written a perl module that will
manage the connections (issue database handles ). As new users sign up
for
the application should each get their own MySQL username and password
or is
okay to execute their queries with the same (one generic) MySQL username
and password?


one generic for the application

since you normally never ever should connect as root to your application
it even don't have the permissions to add mysql-users

how would you even imagine working with a usertable on your applications
side which is for every user different - chicken/egg



One generic, non-admin user is what you'll find in most apps.

Some developers take the approach of creating several users based on 
level of operation and least privilege, particularly for public facing 
scripts.


So, for example, if the operation is to delete data, that might be one 
user. Perhaps there is some very sensitive data in the environment and 
you'll create a given user for accessing that data and no other user has 
access to that data.


Each user is given no greater access than is required based on the 
intent of that user.


Then the given script connects with the appropriate user here.

Of course, you should program against and have defenses for db-related 
vulnerabilities like SQL-injection, but the thinking with the multiple 
users is if you had a script that was vulnerable to some exploit, the 
damage would be limited to the privileges of the mysql user used to 
connect to your database. It's a bit harder to manage and requires some 
more planning up front, but it adds to damage control in case of a db 
related exploit. You'd make this call based on how sensitive and 
important your data is and how much effort you are willing to put into 
the planning and design.


Jim


--
MySQL General Mailing List
For list archives: http://lists.mysql.com/mysql
To unsubscribe:http://lists.mysql.com/mysql

When to create a new user?

[Richard Reina]

I am writing a web application in perl that will create, edit, update and
delete data from a MySQL database. I have written a perl module that will
manage the connections (issue database handles ). As new users sign up for
the application should each get their own MySQL username and password or is
okay to execute their queries with the same (one generic) MySQL username
and password?

Thanks

Re: When to create a new user?

[Reindl Harald]

Am 19.08.2015 um 14:29 schrieb Richard Reina:

I am writing a web application in perl that will create, edit, update and
delete data from a MySQL database. I have written a perl module that will
manage the connections (issue database handles ). As new users sign up for
the application should each get their own MySQL username and password or is
okay to execute their queries with the same (one generic) MySQL username
and password?


one generic for the application

since you normally never ever should connect as root to your application 
it even don't have the permissions to add mysql-users


how would you even imagine working with a usertable on your applications 
side which is for every user different - chicken/egg




signature.asc
Description: OpenPGP digital signature

Re: When to create a new user?

[James Moe]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 08/19/2015 05:29 AM, Richard Reina wrote:
 As new users sign up for the application should each get their own 
 MySQL username and password or is okay to execute their queries 
 with the same (one generic) MySQL username and password?
 
  That is rather vague.
  What data is stored for each user?
  What are these queries that a user may perform?

- -- 
James Moe
moe dot james at sohnen-moe dot com
520.743.3936
-BEGIN PGP SIGNATURE-
Version: GnuPG v2

iEYEARECAAYFAlXUvlgACgkQzTcr8Prq0ZPrHQCdFDqY9uEa1mS62LuUr7FhqzEa
6R4AoJu6L5Je6sXivtY31RPGgM8bIYv7
=vyyy
-END PGP SIGNATURE-

-- 
MySQL General Mailing List
For list archives: http://lists.mysql.com/mysql
To unsubscribe:http://lists.mysql.com/mysql

Re: When to create a new user?

[James Moe]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 08/19/2015 10:06 AM, Richard Reina wrote:
 Data stored for each user would be a list of places visited that
 and details relating to those trips. The type of queries they would
 be able to perform be able to read, update and create new records.
 
  I see no reason to create a unique user account for this use case.
Each user's data goes into a singe table, and a view based on the
user's ID would restrict data access for each user.

- -- 
James Moe
moe dot james at sohnen-moe dot com
520.743.3936
-BEGIN PGP SIGNATURE-
Version: GnuPG v2

iEYEARECAAYFAlXUv0QACgkQzTcr8Prq0ZOaXACdFrnbcxrJMsVq3cn6fzbfbdn4
iBoAnRX3USjmqnKWgdHGvuVBxrQnH++X
=bhJj
-END PGP SIGNATURE-

-- 
MySQL General Mailing List
For list archives: http://lists.mysql.com/mysql
To unsubscribe:http://lists.mysql.com/mysql

Re: can't authenticate ssl user account

[Tim Dunphy]

Hi Reindel,

you client configuration shows no indication for SSL, i see it in my.cnf
 only in the [mysqld] section and remember when you initrialize replication
 you need to specify it there too

 i doubt there is anything to change the logging but since you *know* what
 that user requires that should really not be the problem - said from
 somebody using SSL for any mysql connection over TCP for years now
 (replication, php-applications, cli-client...)



Ok!! Thanks. But when I try to setup my client configuration to use SSL,
mariadb server refuses to start. It times out:

[root@db2:~] #systemctl status mysql.service
mysql.service - LSB: start and stop MySQL
   Loaded: loaded (/etc/rc.d/init.d/mysql)
   Active: failed (Result: exit-code) since Tue 2015-07-21 18:29:24 UTC;
13s ago
  Process: 19965 ExecStop=/etc/rc.d/init.d/mysql stop (code=exited,
status=0/SUCCESS)
  Process: 21973 ExecStart=/etc/rc.d/init.d/mysql start (code=exited,
status=1/FAILURE)

Jul 21 18:29:23 db2 systemd[1]: Starting LSB: start and stop MySQL...
Jul 21 18:29:24 db2 mysql[21973]: Starting MySQL. ERROR!
Jul 21 18:29:24 db2 systemd[1]: mysql.service: control process exited,
code=exited status=1
Jul 21 18:29:24 db2 systemd[1]: Failed to start LSB: start and stop MySQL.
Jul 21 18:29:24 db2 systemd[1]: Unit mysql.service entered failed state.


Here's my my.cnf on the client side that is causing the time out error to
occur:

[mysqld]
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
symbolic-links=0
old_passwords=1
ssl
server-id=2
replicate-do-db=jfwiki

[mysqld_safe]
log-error=/var/log/mariadb/mariadb.log
pid-file=/var/run/mariadb/mariadb.pid
master-connect-retry=60

!includedir /etc/my.cnf.d

[client]
ssl-ca=/opt/mysql/ca-cert.pem
ssl-cert=/opt/mysql/client-cert.pem
ssl-key=/opt/mysql/client-key.pem

Any idea why that's happening or how to correct it?

Thanks,
Tim

On Tue, Jul 21, 2015 at 4:25 AM, Reindl Harald h.rei...@thelounge.net
wrote:


 Am 21.07.2015 um 05:03 schrieb Tim Dunphy:

 I see absolutely NO indication as to why the login for the 'slave2' user
 (that requires SSL) is failing

 So my questions are 1) how to I bump up the verbosity on the logs so I can
 get an indication as to why this is failing? 2) what is the best way to
 troubleshoot this?


 you client configuration shows no indication for SSL, i see it in my.cnf
 only in the [mysqld] section and remember when you initrialize replication
 you need to specify it there too

 i doubt there is anything to change the logging but since you *know* what
 that user requires that should really not be the problem - said from
 somebody using SSL for any mysql connection over TCP for years now
 (replication, php-applications, cli-client...)

 CHANGE MASTER TO MASTER_HOST='masterip', MASTER_USER='user',
 MASTER_PASSWORD='password', MASTER_PORT=3306, MASTER_CONNECT_RETRY=3600,
 MASTER_SSL=1, MASTER_SSL_CA='/etc/mysqlssl/ca.crt',
 MASTER_SSL_CERT='/etc/mysqlssl/client.pem',
 MASTER_SSL_KEY='/etc/mysqlssl/client.pem'; START SLAVE;




-- 
GPG me!!

gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B

Re: can't authenticate ssl user account

[Reindl Harald]

Am 21.07.2015 um 05:03 schrieb Tim Dunphy:

I see absolutely NO indication as to why the login for the 'slave2' user
(that requires SSL) is failing

So my questions are 1) how to I bump up the verbosity on the logs so I can
get an indication as to why this is failing? 2) what is the best way to
troubleshoot this?


you client configuration shows no indication for SSL, i see it in my.cnf 
only in the [mysqld] section and remember when you initrialize 
replication you need to specify it there too


i doubt there is anything to change the logging but since you *know* 
what that user requires that should really not be the problem - said 
from somebody using SSL for any mysql connection over TCP for years now 
(replication, php-applications, cli-client...)


CHANGE MASTER TO MASTER_HOST='masterip', MASTER_USER='user', 
MASTER_PASSWORD='password', MASTER_PORT=3306, MASTER_CONNECT_RETRY=3600, 
MASTER_SSL=1, MASTER_SSL_CA='/etc/mysqlssl/ca.crt', 
MASTER_SSL_CERT='/etc/mysqlssl/client.pem', 
MASTER_SSL_KEY='/etc/mysqlssl/client.pem'; START SLAVE;




signature.asc
Description: OpenPGP digital signature

can't authenticate ssl user account

[Tim Dunphy]

Hey all,


I need to setup replication via SSL. 2 nodes master/master for H/A. Then 2
slave nodes for backup. Node 3 will slave off of node 1, and node 4 will
slave off of node 2 for redundant backups. Nodes 3  4 will store backups
to a directory mapped to S3 via S3FS. All nodes are physical.

We're using mariadb-5.5.41 server on CentOS 7 hosts.

It's a neat plan!

However I am unable to get authentication to work with ssl required of the
user.

We already have a CA certificate and key established in the environment.
And we used those to generate the cert and key to be used with mariadb.

This is the process we used to generate the cert/key:

openssl genrsa -des3 -out db1.example.com.key 4096
openssl req -new -key db1.example.com.key -out db1.example.com.csr
openssl x509 -req -days 3650 -in db1.example.com.csr -CA ca.crt -CAkey
ca.key -set_serial 01 -out db1.example.com.crt

Using those keys I put together this my.cnf file. Haven't gotten around to
configuring replication yet, as I have yet to get ssl logins to work.

[root@db1:~] #cat /etc/my.cnf
[mysqld]
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
# Disabling symbolic-links is recommended to prevent assorted security
risks
symbolic-links=0
# Settings user and group are ignored when systemd is used.
# If you need to run mysqld under a different user or group,
# customize your systemd unit file for mariadb according to the
# instructions in http://fedoraproject.org/wiki/Systemd
ssl
ssl-ca=/opt/mysql/ca.crt
ssl-cert=/opt/mysql/db1.example.com.crt
ssl-key=/opt/mysql/db1.example.com.key

[mysqld_safe]
general_log_file=/var/log/mariadb/mariadb.log
general_log=1
log-error=/var/log/mariadb/mariadb_error.log
pid-file=/var/run/mariadb/mariadb.pid
log_slow_queries=/var/log/mysql/mysql-slow.log
long_query_time=2
log-queries-not-using-indexes

#
# include all files from the config directory
#
!includedir /etc/my.cnf.d

Made sure mariadb could read the cert files:

[root@db1:~] #ls -ld /opt/mysql/ /opt/mysql/*
drwx--. 2 mysql mysql   86 Jul 20 06:20 /opt/mysql/
-r. 1 mysql mysql 2212 Jul 20 05:14 /opt/mysql/ca.crt
-r. 1 mysql mysql 1956 Jul 20 05:17
/opt/mysql/db1.example.com.crt
-r. 1 mysql mysql 3247 Jul 20 05:15
/opt/mysql/db1.example.com.key

And restarted mariadb. And if I take a look at my SSL variables in my mysql
command line, everything is looking good.

MariaDB [mysql] show variables like '%ssl%';
+---+-+
| Variable_name | Value   |
+---+-+
| have_openssl  | YES |
| have_ssl  | YES |
| ssl_ca| /opt/mysql/ca.crt   |
| ssl_capath| |
| ssl_cert  | /opt/mysql/db1.example.com.crt |
| ssl_cipher| |
| ssl_key   | /opt/mysql/db1.example.com.key |
+---+-+
7 rows in set (0.00 sec)

If I create one replication user without SSL required, he is able to log in
from node 2 to node 1 no problem:

MariaDB [mysql] grant replication slave on *.* to 'slave1'@'
db2.example.com' identified by 'secret';
Query OK, 0 rows affected (0.00 sec)

[root@db2:~] #mysql -uslave1 -p -h db1.example.com
Enter password:
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 15
Server version: 5.5.41-MariaDB MariaDB Server

Copyright (c) 2000, 2014, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input
statement.

MariaDB [(none)]

If I show grants on this user I can confirm that SSL is not required

MariaDB [mysql] show grants for 'slave1'@'db2.example.com';

++
| Grants for sla...@db2.example.com
  |

++
| GRANT REPLICATION SLAVE ON *.* TO 'slave1'@'db2.example.com'
IDENTIFIED BY PASSWORD '*somelongpasswordhash' |

++
1 row in set (0.00 sec)

If I create the second slave user with the SSL requirement, and even flush
privileges, I can not log into node 1 from node 2

MariaDB [mysql] grant replication slave on *.* to 'slave2'@'
db2.example.com' identified by 'test' require ssl;
Query OK, 0 rows affected

Re: how can i login without a password although in the user-table is a password ?

[Lentes, Bernd]

Bernd wrote:
 a password ?

 Hi,

 this is my system:

 mysql status
 --
 mysql  Ver 14.12 Distrib 5.0.26, for suse-linux (x86_64) using readline 5.1

 Connection id:  142883
 Current database:   mysql
 Current user:   root@localhost
 SSL:Not in use
 Current pager:  less
 Using outfile:  ''
 Using delimiter:;
 Server version: 5.0.26-Max-log
 Protocol version:   10
 Connection: Localhost via UNIX socket
 Server characterset:utf8
 Db characterset:utf8
 Client characterset:utf8
 Conn.  characterset:utf8
 UNIX socket:/var/lib/mysql/mysql.sock
 Uptime: 223 days 22 hours 38 min 49 sec

 Threads: 1  Questions: 9178423  Slow queries: 99  Opens: 607644  Flush
 tables: 3  Open tables: 64  Queries per second avg: 0.474


 my user-table looks like this:

 mysql select host,user,password from user;
 ++--+---+
 | host   | user | password  |
 ++--+---+
 | localhost | root | *1939D66C9255EE78C765CD91B5FB465C7A9472D9
 |
 | pc52974.gsf.de | root |
 *1939D66C9255EE78C765CD91B5FB465C7A9472D9 |
 | pc52974.gsf.de |  | *1939D66C9255EE78C765CD91B5FB465C7A9472D9
 |
 | localhost  |  | *1939D66C9255EE78C765CD91B5FB465C7A9472D9 |
 | %  | root | *1939D66C9255EE78C765CD91B5FB465C7A9472D9 |
 | 127.0.0.1  | root | *1939D66C9255EE78C765CD91B5FB465C7A9472D9 |
 ++--+---+

 I know that this is not the best solution, I will change it.
 Using mysql on a Linux-system I can login with mysql -u root without
 supplying a password. How is this possible although there is a password
 for each user and for root in the user-table ?


I found it out by myself: I have a .my.cnf in my home-directory. I forgot.

Bernd


Helmholtz Zentrum München
Deutsches Forschungszentrum für Gesundheit und Umwelt (GmbH)
Ingolstädter Landstr. 1
85764 Neuherberg
www.helmholtz-muenchen.de
Aufsichtsratsvorsitzende: MinDir´in Bärbel Brumme-Bothe
Geschäftsführer: Prof. Dr. Günther Wess, Dr. Nikolaus Blum, Dr. Alfons Enhsen
Registergericht: Amtsgericht München HRB 6466
USt-IdNr: DE 129521671

how can i login without a password although in the user-table is a password ?

[Lentes, Bernd]

Hi,

this is my system:

mysql status
--
mysql  Ver 14.12 Distrib 5.0.26, for suse-linux (x86_64) using readline 5.1

Connection id:  142883
Current database:   mysql
Current user:   root@localhost
SSL:Not in use
Current pager:  less
Using outfile:  ''
Using delimiter:;
Server version: 5.0.26-Max-log
Protocol version:   10
Connection: Localhost via UNIX socket
Server characterset:utf8
Db characterset:utf8
Client characterset:utf8
Conn.  characterset:utf8
UNIX socket:/var/lib/mysql/mysql.sock
Uptime: 223 days 22 hours 38 min 49 sec

Threads: 1  Questions: 9178423  Slow queries: 99  Opens: 607644  Flush tables: 
3  Open tables: 64  Queries per second avg: 0.474


my user-table looks like this:

mysql select host,user,password from user;
++--+---+
| host   | user | password  |
++--+---+
| localhost | root | *1939D66C9255EE78C765CD91B5FB465C7A9472D9 |
| pc52974.gsf.de | root | *1939D66C9255EE78C765CD91B5FB465C7A9472D9 |
| pc52974.gsf.de |  | *1939D66C9255EE78C765CD91B5FB465C7A9472D9 |
| localhost  |  | *1939D66C9255EE78C765CD91B5FB465C7A9472D9 |
| %  | root | *1939D66C9255EE78C765CD91B5FB465C7A9472D9 |
| 127.0.0.1  | root | *1939D66C9255EE78C765CD91B5FB465C7A9472D9 |
++--+---+

I know that this is not the best solution, I will change it.
Using mysql on a Linux-system I can login with mysql -u root without 
supplying a password. How is this possible although there is a password for 
each user and for root in the user-table ?


Thanks in advance.


Bernd



--
Bernd Lentes

Systemadministration
Institut für Entwicklungsgenetik
Gebäude 35.34 - Raum 208
HelmholtzZentrum münchen
bernd.len...@helmholtz-muenchen.de
phone: +49 89 3187 1241
fax:   +49 89 3187 2294
http://www.helmholtz-muenchen.de/idg

Je suis Charlie



Helmholtz Zentrum München
Deutsches Forschungszentrum für Gesundheit und Umwelt (GmbH)
Ingolstädter Landstr. 1
85764 Neuherberg
www.helmholtz-muenchen.de
Aufsichtsratsvorsitzende: MinDir´in Bärbel Brumme-Bothe
Geschäftsführer: Prof. Dr. Günther Wess, Dr. Nikolaus Blum, Dr. Alfons Enhsen
Registergericht: Amtsgericht München HRB 6466
USt-IdNr: DE 129521671

--
MySQL General Mailing List
For list archives: http://lists.mysql.com/mysql
To unsubscribe:http://lists.mysql.com/mysql

access denied fpr user 'root'@'localhost' (using password: NO)

[Érico]

I have ran the following to test a fix for an app issue :

delete from mysql.user where user='';
2lines got effected

after this I can´t connect through command line anymore :

./mysqladmin -u root password pwd

I get access denied for user 'root'@'localhost (using password:'NO')

how can I restore the db so I can connect through command line again ?

thks

Re: access denied fpr user 'root'@'localhost' (using password: NO)

[Reindl Harald]

Am 29.05.2014 20:22, schrieb Érico:
 I have ran the following to test a fix for an app issue :
 
 delete from mysql.user where user='';
 2lines got effected
 
 after this I can´t connect through command line anymore :
 
 ./mysqladmin -u root password pwd
 
 I get access denied for user 'root'@'localhost (using password:'NO')

your command line is plain wrong
as you can see in the response you are *not* using a password

./mysqladmin -u root --password=pwd

*don't do that at all* your password ends in the history
./mysqladmin -u root -p

after that you get a pwd-prompt

 how can I restore the db so I can connect through command line again ?

if you really need to login with a destroyed userdb make sure
that nobody else can access the server and use skip grant

http://stackoverflow.com/questions/1708409/how-to-start-mysql-with-skip-grant-tables



signature.asc
Description: OpenPGP digital signature

Re: access denied fpr user 'root'@'localhost' (using password: NO)

[Kishore Vaishnav]

Did you tried this..
http://dev.mysql.com/doc/refman/5.0/en/resetting-permissions.html


*thanks,*
*-- *Kishore Kumar Vaishnav

On Thu, May 29, 2014 at 11:22 AM, Érico erico...@gmail.com wrote:

 I have ran the following to test a fix for an app issue :

 delete from mysql.user where user='';
 2lines got effected

 after this I can´t connect through command line anymore :

 ./mysqladmin -u root password pwd

 I get access denied for user 'root'@'localhost (using password:'NO')

 how can I restore the db so I can connect through command line again ?

 thks

Re: access denied fpr user 'root'@'localhost' (using password: NO)

[Érico]

Hi

thanks but it is not working either

I wonder if the 2 rows I removed (with empty users for localhost and my
computer names) were responsilbe for allowing the autentication ?

how this table works ?

what mysql checks on it ? the pwd column ? if it is filled ?

what if I have 2 records for root/localhost ... ?

one with pwd filled
and the second with the pwd empty

how can I insert on this table with the mandatory column ssl_cipher as blob
... ? what value must I provide in a insert like :

insert into mysql.user(host,user,ssl_cipher) values('localhost','root' ,
??? )

thks !!


2014-05-29 15:36 GMT-03:00 Kishore Vaishnav kish...@railsfactory.org:

 Did you tried this..
 http://dev.mysql.com/doc/refman/5.0/en/resetting-permissions.html


 *thanks,*
 *-- *Kishore Kumar Vaishnav

 On Thu, May 29, 2014 at 11:22 AM, Érico erico...@gmail.com wrote:

 I have ran the following to test a fix for an app issue :

 delete from mysql.user where user='';
 2lines got effected

 after this I can´t connect through command line anymore :

 ./mysqladmin -u root password pwd

 I get access denied for user 'root'@'localhost (using password:'NO')

 how can I restore the db so I can connect through command line again ?

 thks

Re: access denied fpr user 'root'@'localhost' (using password: NO)

[Érico]

running this :

./mysqladmin -u root -p

at this momento it thorws me to mysqladmin  man page


2014-05-29 15:35 GMT-03:00 Reindl Harald h.rei...@thelounge.net:


 Am 29.05.2014 20:22, schrieb Érico:
  I have ran the following to test a fix for an app issue :
 
  delete from mysql.user where user='';
  2lines got effected
 
  after this I can´t connect through command line anymore :
 
  ./mysqladmin -u root password pwd
 
  I get access denied for user 'root'@'localhost (using password:'NO')

 your command line is plain wrong
 as you can see in the response you are *not* using a password

 ./mysqladmin -u root --password=pwd

 *don't do that at all* your password ends in the history
 ./mysqladmin -u root -p

 after that you get a pwd-prompt

  how can I restore the db so I can connect through command line again ?

 if you really need to login with a destroyed userdb make sure
 that nobody else can access the server and use skip grant


 http://stackoverflow.com/questions/1708409/how-to-start-mysql-with-skip-grant-tables

Re: access denied fpr user 'root'@'localhost' (using password: NO)

[Reindl Harald]

well, i am mysql administrator over 10 years now
and never needed the mysqladmin command because
the mysql command line client offers anything i
ever needed

mysql -u root -p

[harry@srv-rhsoft:~]$ mysql -u root -p
Enter password:
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 16056
Server version: 5.5.37-MariaDB-log thelounge

Copyright (c) 2000, 2014, Oracle, Monty Program Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]

Am 29.05.2014 21:19, schrieb Érico:
 running this :
 
 ./mysqladmin -u root -p
 
 at this momento it thorws me to mysqladmin  man page
 
 
 2014-05-29 15:35 GMT-03:00 Reindl Harald h.rei...@thelounge.net:
 

 Am 29.05.2014 20:22, schrieb Érico:
 I have ran the following to test a fix for an app issue :

 delete from mysql.user where user='';
 2lines got effected

 after this I can´t connect through command line anymore :

 ./mysqladmin -u root password pwd

 I get access denied for user 'root'@'localhost (using password:'NO')

 your command line is plain wrong
 as you can see in the response you are *not* using a password

 ./mysqladmin -u root --password=pwd

 *don't do that at all* your password ends in the history
 ./mysqladmin -u root -p

 after that you get a pwd-prompt

 how can I restore the db so I can connect through command line again ?

 if you really need to login with a destroyed userdb make sure
 that nobody else can access the server and use skip grant


 http://stackoverflow.com/questions/1708409/how-to-start-mysql-with-skip-grant-tables



signature.asc
Description: OpenPGP digital signature

Re: access denied fpr user 'root'@'localhost' (using password: NO)

[shawn l.green]

Hello Érico

On 5/29/2014 2:22 PM, Érico wrote:

I have ran the following to test a fix for an app issue :

delete from mysql.user where user='';
2lines got effected

after this I can´t connect through command line anymore :

./mysqladmin -u root password pwd

I get access denied for user 'root'@'localhost (using password:'NO')

how can I restore the db so I can connect through command line again ?

thks



What that tells me is that you were never actually logging in as root 
but the system was authenticating you as the 'anonymous' user. Quoting 
from the very fine manual:


http://dev.mysql.com/doc/refman/5.6/en/account-names.html

A user name is either a nonblank value that literally matches the user 
name for incoming connection attempts, or a blank value (empty string) 
that matches any user name. An account with a blank user name is an 
anonymous user. To specify an anonymous user in SQL statements, use a 
quoted empty user name part, such as ''@'localhost'.




http://dev.mysql.com/doc/refman/5.6/en/connection-access.html

Identity checking is performed using the three user table scope columns 
(Host, User, and Password). The server accepts the connection only if 
the Host and User columns in some user table row match the client host 
name and user name and the client supplies the password specified in 
that row.

...
If the User column value is nonblank, the user name in an incoming 
connection must match exactly. If the User value is blank, it matches 
any user name. If the user table row that matches an incoming connection 
has a blank user name, the user is considered to be an anonymous user 
with no name, not a user with the name that the client actually 
specified. This means that a blank user name is used for all further 
access checking for the duration of the connection (that is, during 
Stage 2).

...
If you are able to connect to the server, but your privileges are not 
what you expect, you probably are being authenticated as some other 
account. To find out what account the server used to authenticate you, 
use the CURRENT_USER() function.



That same page in the manual (and its siblings) should also answer your 
questions as to how MySQL uses the `user` table, what the empty `user` 
and `password` column mean to login attempts, and how to configure 
SSL-based connections.


If you have forgotten your actual root@localhost password, you can reset 
it following one of the procedures provided here.

http://dev.mysql.com/doc/refman/5.6/en/resetting-permissions.html

Yours,
--
Shawn Green
MySQL Senior Principal Technical Support Engineer
Oracle USA, Inc. - Hardware and Software, Engineered to Work Together.
Office: Blountville, TN

--
MySQL General Mailing List
For list archives: http://lists.mysql.com/mysql
To unsubscribe:http://lists.mysql.com/mysql

Re: access denied fpr user 'root'@'localhost' (using password: NO)

[Érico]

I am really sorry  about this one ..
the connection is ok ...

I had not checked that I was using mysqladmin instead of mysql

now please how can I check what is wrong with my application ( My SQL Admin
)

at its login page it asks for user / pwd / server and db

using both localhost and 127.0.01 ... it gets the same error :
access denied for user  'root'@'localhost'  

the app has a php config page where it fills these info

I am able to connect to it manually too using :
./mysql -h localhost -u root -pmy_pwd mysql-admin

but the app keeps geting the access denied error

would it be sometihng related to my /et/hosts ?

its content :

127.0.0.1 localhost
255.255.255.255 broadcasthost
::1 localhost
fe80::1%lo0 localhost
127.0.0.1 mysqld
127.0.0.1 mac
localhost mac


my SO is a mac os 10.6.8

Thks Again !!



2014-05-29 16:26 GMT-03:00 Reindl Harald h.rei...@thelounge.net:

 well, i am mysql administrator over 10 years now
 and never needed the mysqladmin command because
 the mysql command line client offers anything i
 ever needed

 mysql -u root -p

 [harry@srv-rhsoft:~]$ mysql -u root -p
 Enter password:
 Welcome to the MariaDB monitor.  Commands end with ; or \g.
 Your MariaDB connection id is 16056
 Server version: 5.5.37-MariaDB-log thelounge

 Copyright (c) 2000, 2014, Oracle, Monty Program Ab and others.

 Type 'help;' or '\h' for help. Type '\c' to clear the current input
 statement.

 MariaDB [(none)]

 Am 29.05.2014 21:19, schrieb Érico:
  running this :
 
  ./mysqladmin -u root -p
 
  at this momento it thorws me to mysqladmin  man page
 
 
  2014-05-29 15:35 GMT-03:00 Reindl Harald h.rei...@thelounge.net:
 
 
  Am 29.05.2014 20:22, schrieb Érico:
  I have ran the following to test a fix for an app issue :
 
  delete from mysql.user where user='';
  2lines got effected
 
  after this I can´t connect through command line anymore :
 
  ./mysqladmin -u root password pwd
 
  I get access denied for user 'root'@'localhost (using password:'NO')
 
  your command line is plain wrong
  as you can see in the response you are *not* using a password
 
  ./mysqladmin -u root --password=pwd
 
  *don't do that at all* your password ends in the history
  ./mysqladmin -u root -p
 
  after that you get a pwd-prompt
 
  how can I restore the db so I can connect through command line again ?
 
  if you really need to login with a destroyed userdb make sure
  that nobody else can access the server and use skip grant
 
 
 
 http://stackoverflow.com/questions/1708409/how-to-start-mysql-with-skip-grant-tables

Re: access denied fpr user 'root'@'localhost' (using password: NO)

[shawn l.green]

Hello Érico,

On 5/29/2014 3:51 PM, Érico wrote:

I am really sorry  about this one ..
the connection is ok ...

I had not checked that I was using mysqladmin instead of mysql

now please how can I check what is wrong with my application ( My SQL Admin
)

at its login page it asks for user / pwd / server and db

using both localhost and 127.0.01 ... it gets the same error :
access denied for user  'root'@'localhost'  

the app has a php config page where it fills these info

I am able to connect to it manually too using :
./mysql -h localhost -u root -pmy_pwd mysql-admin

but the app keeps geting the access denied error

would it be sometihng related to my /et/hosts ?

its content :

127.0.0.1 localhost
255.255.255.255 broadcasthost
::1 localhost
fe80::1%lo0 localhost
127.0.0.1 mysqld
127.0.0.1 mac
localhost mac


my SO is a mac os 10.6.8

Thks Again !!
... snip ...


What is the result of this query:

SELECT user, host, length(password) from mysql.user;

What hapens if you change your login to this? (you should not put your 
passwords on your command lines if you can avoid it

http://dev.mysql.com/doc/refman/5.6/en/password-security-user.html
http://dev.mysql.com/doc/refman/5.6/en/connecting.html
)

./mysql -h 127.0.01 --port=3306 --protocol=TCP -u root -p mysql-admin

See also:
http://dev.mysql.com/doc/refman/5.6/en/access-denied.html

--
Shawn Green
MySQL Senior Principal Technical Support Engineer
Oracle USA, Inc. - Hardware and Software, Engineered to Work Together.
Office: Blountville, TN

--
MySQL General Mailing List
For list archives: http://lists.mysql.com/mysql
To unsubscribe:http://lists.mysql.com/mysql

[5.1 Vs 5.5 ] ERROR 1045 (28000): Access denied for user 'testuser'@'Serv1.corp.domain.in' (using password: YES)

[Vinay Gupta]

Hi,

I am trying to connect two mysql servers with different versions ( 5.1 
5.5 ) . But in Mysql 5.1 i am facing strange issues.

Below testuser exists in both Mysql Versions :


mysql select host,user,password from mysql.user where user='testuser';
+---++---+
| host  | user   |
password  |
+---++---+
| localhost | testuser   | *FJHHEU5746DDHDUDYDH66488 |
| %.corp.domain.in| testuser   | *FJHHEU5746DDHDUDYDH66488 |
+---++---+

and skip_networking is OFF


*Mysql Version : 5.1.58-log*

root@Serv1:~# mysql -utestuser -p@8AsnM0! -h $(hostname)
ERROR 1045 (28000): Access denied for user 'testuser'@'Serv1.corp.domain.in'
(using password: YES)

It connect successfully if i remove -h option because it connects by
localhost then

*Mysql version : 5.5.36-log *

root@Serv2:~# mysql -utestuser -p@8AsnM0! -h $(hostname)
Welcome to the MySQL monitor.  Commands end with ; or \g.
Server version: 5.5.36-log MySQL Community Server (GPL)
mysql

mysql select user(),current_user();
+--+---+
| user()   |
current_user()|
+--+---+
| testu...@serv2.corp.domain.in| testuser@%.corp.domain.in
   |
+--+---+

Is dere some bug in Mysql5.1 or i need to set bind_address parameter in it.

Thanks

Re: Access denied for user 'root'@'localhost' (using password: YES) on mysql admin

[Érico]

ok

I have tried these :

ifconfig -a
lo0: flags=8049UP,LOOPBACK,RUNNING,MULTICAST mtu 16384
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
inet 127.0.0.1 netmask 0xff00
gif0: flags=8010POINTOPOINT,MULTICAST mtu 1280
stf0: flags=0 mtu 1280
fw0: flags=8863UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST mtu 4078
lladdr 70:cd:60:ff:fe:eb:72:ea
media: autoselect full-duplex
status: inactive
en1: flags=8863UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST mtu 1500
ether e4:ce:8f:04:7c:f8
inet6 fe80::e6ce:8fff:fe04:7cf8%en1 prefixlen 64 scopeid 0x5
inet 169.254.99.150 netmask 0x broadcast 169.254.255.255
media: autoselect
status: active
en0: flags=8863UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST mtu 1500
ether c8:2a:14:1a:47:ea
media: autoselect (none)
status: inactive
wc2: flags=822BROADCAST,SMART,SIMPLEX mtu 1500
ether 00:02:55:11:19:76
media: 1000baseT (unknown type)
=


mac:bin ericomtx$ nslookup localhost
;; connection timed out; no servers could be reached

=


mac:bin ericomtx$ netstat -an | grep 3306
tcp46  0  0  *.3306 *.*LISTEN
tcp4   0  0  *.3306 *.*LISTEN

=

mac:bin ericomtx$ netstat -ln | grep mysql
ff801403c280 stream  0  00
ff801403b20000 /tmp/mysql.sock
ff801403a9c0 stream  0  0 ff801bbb78b8
000 /tmp/mysql.sock
ff8013fb0bc0 stream  0  0 ff8014aa8078
000 /opt/local/var/run/mysql5/mysqld.sock
*** here ... this last one is related to a previous mysql macports version
***

=

mac:lib ericomtx$ ps xa | grep mysqld
  231   ??  S  0:00.01 /bin/sh /opt/local/lib/mysql5/bin/mysqld_safe
--datadir=/opt/local/var/db/mysql5
--pid-file=/opt/local/var/db/mysql5/mac.local.pid
  295   ??  S  0:00.74 /opt/local/libexec/mysqld --basedir=/opt/local
--datadir=/opt/local/var/db/mysql5 --user=_mysql
--log-error=/opt/local/var/db/mysql5/mac.local.err
--pid-file=/opt/local/var/db/mysql5/mac.local.pid
--socket=/opt/local/var/run/mysql5/mysqld.sock
 2175 s000  S  0:00.02 /bin/sh
/Users/ericomtx/development/mysql/mysql-5.6.15-osx10.6-x86/bin/mysqld_safe
--datadir=/Users/ericomtx/development/mysql/mysql-5.6.15-osx10.6-x86/data
--pid-file=/Users/ericomtx/development/mysql/mysql-5.6.15-osx10.6-x86/data/mac.local.pid
 2273 s000  S  0:00.35
/Users/ericomtx/development/mysql/mysql-5.6.15-osx10.6-x86/bin/mysqld
--basedir=/Users/ericomtx/development/mysql/mysql-5.6.15-osx10.6-x86
--datadir=/Users/ericomtx/development/mysql/mysql-5.6.15-osx10.6-x86/data
--plugin-dir=/Users/ericomtx/development/mysql/mysql-5.6.15-osx10.6-x86/lib/plugin
--user=mysql
--log-error=/Users/ericomtx/development/mysql/mysql-5.6.15-osx10.6-x86/data/mac.local.err
--pid-file=/Users/ericomtx/development/mysql/mysql-5.6.15-osx10.6-x86/data/mac.local.pid


=

I have uninstalled everything related to mysql ports

these dirs no longer exist :
/opt/local/lib/mysql5


/opt/local/libexec

I don't know from where they are getting called



2014/1/15 Claudio Nanni claudio.na...@gmail.com

 Hi


   |  | ericomtxmacbookpro.local |
  *E85DC00A0137C6171923BE35EDD809573FB3AB4F |
  


 mysql DELETE FROM mysql.user WHERE user='';
 mysql FLUSH PRIVILEGES;

 maybe helps?

 Cheers

 --
 Claudio

Re: Access denied for user 'root'@'localhost' (using password: YES) on mysql admin

[Claudio Nanni]

Hi


   |  | ericomtxmacbookpro.local |
  *E85DC00A0137C6171923BE35EDD809573FB3AB4F |
  


mysql DELETE FROM mysql.user WHERE user='';
mysql FLUSH PRIVILEGES;

maybe helps?

Cheers

-- 
Claudio

Re: Access denied for user 'root'@'localhost' (using password: YES) on mysql admin

[Érico]

 yes it is ...

  also , the eclipse is also local ...

  in both ... mysql-admin php application , plus inside eclispe plugin ...

  same behavior in both


2014/1/13 Reindl Harald h.rei...@thelounge.net

 i doubt that the webserver is running on the same
 machine as your mysql command shell

 Am 13.01.2014 23:59, schrieb Érico:
  true
 
  but please check this out :
 
  mysql Select user, host, password from mysql.user;
 
 +--+--+---+
  | user | host | password
  |
 
 +--+--+---+
  | root | localhost|
 *E85DC00A0137C6171923BE35EDD809573FB3AB4F |
  | root | ericomtxmacbookpro.local |
 *E85DC00A0137C6171923BE35EDD809573FB3AB4F |
  | root | 127.0.0.1|
 *E85DC00A0137C6171923BE35EDD809573FB3AB4F |
  | root | ::1  |
   |
  |  | ericomtxmacbookpro.local |
 *E85DC00A0137C6171923BE35EDD809573FB3AB4F |
 
 +--+--+---+
  5 rows in set (0.00 sec)
 
  all passwords are filled in the db ...
 
  also ... I can connect through command line
 
  what I can't do is :
  1. connect or even ping inside eclipse using jconnector
 
  2. connect from a php app (mysql adim) with or with out pwd ...
  providing the error
 
 
Access denied for user 'root'@'localhost' (using password: YES)
 
 
Access denied for user 'root'@'localhost' (using password: NO)
 
 
  2.1 when I use 127.0.0.1 on mysql admin url ... I get a connection closed
 
  so ... my point is :
 
  in both cases  when using 127.0.0.1 or localhost ...
 
  can the OS be blocking the connection ?
 
  if so , how could I check this ?
 
  Regards
  Érico
 
 
  2014/1/13 Reindl Harald h.rei...@thelounge.net mailto:
 h.rei...@thelounge.net
 
  WTF - we are talking about *database connections* and *not*
 http-URL's
  the webserver is only the *messenger*
 
  Am 13.01.2014 18:54, schrieb Érico:
   using both urls I get the same error :
  
   http://localhost/mysql/index.php
   http://127.0.0.1/mysql/index.php
  
   in 127.0.0.1... after I submit the index.php ... it redirects to
 localhost
   too ..
  
   2014/1/13 Reindl Harald h.rei...@thelounge.net mailto:
 h.rei...@thelounge.net
  
  
  
   Am 13.01.2014 18:28, schrieb Érico:
   ericomtxmacbookpro:bin ericomtx$ ./mysql -u root -p mysql-admin
   Enter password:
   Welcome to the MySQL monitor.  Commands end with ; or \g.
   Your MySQL connection id is 31
   Server version: 5.6.15 MySQL Community Server (GPL)
  
   but in the browser I get the error :
  
   Access denied for user 'root'@'localhost' (using password: YES)
  
   I can't find any information in error log and access log
  
   is there any command parameter that I should use when starting
 mysql so
   this doesn't happen?
  
   are you using localhost or 127.0.0.1 in the web-application
   root@localhost != root@127.0.0.1 mailto:root@127.0.0.1 =
 different users
  
   localhost: Unix-Socket
   127.0.0.1 http://127.0.0.1: TCP
 
 

 --

 Reindl Harald
 the lounge interactive design GmbH
 A-1060 Vienna, Hofmühlgasse 17
 CTO / CISO / Software-Development
 m: +43 (676) 40 221 40, p: +43 (1) 595 3999 33
 icq: 154546673, http://www.thelounge.net/

 http://www.thelounge.net/signature.asc.what.htm

Access denied for user 'root'@'localhost' (using password: YES) on mysql admin

[Érico]

Hi

I have installed mysql admin on my local environment

I am able to connect to mysql through command line :

ericomtxmacbookpro:bin ericomtx$ ./mysql -u root -p mysql-admin
Enter password:
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 31
Server version: 5.6.15 MySQL Community Server (GPL)

Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input
statement.

mysql

...

but in the browser I get the error :

Access denied for user 'root'@'localhost' (using password: YES)

I can't find any information in error log and access log

is there any command parameter that I should use when starting mysql so
this doesn't happen ?

I am starting it this way :

sudo ./mysql.server start

my /etc/hosts file :

##
# Host Database
#
# localhost is used to configure the loopback interface
# when the system is booting.  Do not change this entry.
##
127.0.0.1   localhost
255.255.255.255 broadcasthost
::1 localhost
#fe80::1%lo0localhost
127.0.0.1   ericomtxmacbookpro.local
127.0.0.1   mysqld


Thks
Érico

Re: Access denied for user 'root'@'localhost' (using password: YES) on mysql admin

[Reindl Harald]

Am 13.01.2014 18:28, schrieb Érico:
 ericomtxmacbookpro:bin ericomtx$ ./mysql -u root -p mysql-admin
 Enter password:
 Welcome to the MySQL monitor.  Commands end with ; or \g.
 Your MySQL connection id is 31
 Server version: 5.6.15 MySQL Community Server (GPL)

 but in the browser I get the error :
 
 Access denied for user 'root'@'localhost' (using password: YES)
 
 I can't find any information in error log and access log
 
 is there any command parameter that I should use when starting mysql so
 this doesn't happen?

are you using localhost or 127.0.0.1 in the web-application
root@localhost != root@127.0.0.1 = different users

localhost: Unix-Socket
127.0.0.1: TCP





signature.asc
Description: OpenPGP digital signature

Re: Access denied for user 'root'@'localhost' (using password: YES) on mysql admin

[Erick Ocrospoma]

From that error I would suspect you are trying to access to a database
where has not external access. And yeah, try by doing

$ mysql -u root -p database -h localhost -P 3306

change localhost by 127.0.0.1 in order to test if both cases work, and
see which of them (localhost/127.0.0.1) is defined in your web app as
you've been told in the mail before.

On 13 January 2014 12:36, Reindl Harald h.rei...@thelounge.net wrote:


 Am 13.01.2014 18:28, schrieb Érico:
 ericomtxmacbookpro:bin ericomtx$ ./mysql -u root -p mysql-admin
 Enter password:
 Welcome to the MySQL monitor.  Commands end with ; or \g.
 Your MySQL connection id is 31
 Server version: 5.6.15 MySQL Community Server (GPL)

 but in the browser I get the error :

 Access denied for user 'root'@'localhost' (using password: YES)

 I can't find any information in error log and access log

 is there any command parameter that I should use when starting mysql so
 this doesn't happen?

 are you using localhost or 127.0.0.1 in the web-application
 root@localhost != root@127.0.0.1 = different users

 localhost: Unix-Socket
 127.0.0.1: TCP






-- 





~ Happy install !



Erick.


---

Cellphone   :  +51 950307809
Blog:  http://zerick.me/
LUG:  http://www.utpinux.org
IRC :   zerick
About :  http://about.me/zerick
Linux User ID :  549567

--
MySQL General Mailing List
For list archives: http://lists.mysql.com/mysql
To unsubscribe:http://lists.mysql.com/mysql

Re: Access denied for user 'root'@'localhost' (using password: YES) on mysql admin

[Érico]

using both urls I get the same error :

http://localhost/mysql/index.php
http://127.0.0.1/mysql/index.php

in 127.0.0.1... after I submit the index.php ... it redirects to localhost
too ..


2014/1/13 Reindl Harald h.rei...@thelounge.net



 Am 13.01.2014 18:28, schrieb Érico:
  ericomtxmacbookpro:bin ericomtx$ ./mysql -u root -p mysql-admin
  Enter password:
  Welcome to the MySQL monitor.  Commands end with ; or \g.
  Your MySQL connection id is 31
  Server version: 5.6.15 MySQL Community Server (GPL)
 
  but in the browser I get the error :
 
  Access denied for user 'root'@'localhost' (using password: YES)
 
  I can't find any information in error log and access log
 
  is there any command parameter that I should use when starting mysql so
  this doesn't happen?

 are you using localhost or 127.0.0.1 in the web-application
 root@localhost != root@127.0.0.1 = different users

 localhost: Unix-Socket
 127.0.0.1: TCP

Re: Access denied for user 'root'@'localhost' (using password: YES) on mysql admin

[Érico]

using localhost the coonection works ...
ericomtxmacbookpro:bin ericomtx$ ./mysql -u root -p mysql-admin -h
localhost -P 3306
Enter password:
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 97
Server version: 5.6.15 MySQL Community Server (GPL)




but using 127.0.0.1 no :

ericomtxmacbookpro:bin ericomtx$ ./mysql -u root -p mysql-admin -h
127.0.0.1 -P 3306
Enter password:
ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using
password: YES)
ericomtxmacbookpro:bin ericomtx$



2014/1/13 Erick Ocrospoma zipper1...@gmail.com

 From that error I would suspect you are trying to access to a database
 where has not external access. And yeah, try by doing

 $ mysql -u root -p database -h localhost -P 3306

 change localhost by 127.0.0.1 in order to test if both cases work, and
 see which of them (localhost/127.0.0.1) is defined in your web app as
 you've been told in the mail before.

 On 13 January 2014 12:36, Reindl Harald h.rei...@thelounge.net wrote:
 
 
  Am 13.01.2014 18:28, schrieb Érico:
  ericomtxmacbookpro:bin ericomtx$ ./mysql -u root -p mysql-admin
  Enter password:
  Welcome to the MySQL monitor.  Commands end with ; or \g.
  Your MySQL connection id is 31
  Server version: 5.6.15 MySQL Community Server (GPL)
 
  but in the browser I get the error :
 
  Access denied for user 'root'@'localhost' (using password: YES)
 
  I can't find any information in error log and access log
 
  is there any command parameter that I should use when starting mysql so
  this doesn't happen?
 
  are you using localhost or 127.0.0.1 in the web-application
  root@localhost != root@127.0.0.1 = different users
 
  localhost: Unix-Socket
  127.0.0.1: TCP
 
 
 



 --





 ~ Happy install !



 Erick.


 ---

 Cellphone   :  +51 950307809
 Blog:  http://zerick.me/
 LUG:  http://www.utpinux.org
 IRC :   zerick
 About :  http://about.me/zerick
 Linux User ID :  549567

 --
 MySQL General Mailing List
 For list archives: http://lists.mysql.com/mysql
 To unsubscribe:http://lists.mysql.com/mysql

Re: Access denied for user 'root'@'localhost' (using password: YES) on mysql admin

[Erick Ocrospoma]

I presume your index.php file uses 127.0.0.1. After login to MySQL try this:

$ grant all privileges to *.* 'root'@'127.0.0.1' identified by yourpassword;

Of course this could not be the best solution, it's just to skip it,
you must look at the query/connection on your php file.

On 13 January 2014 12:57, Érico erico...@gmail.com wrote:
 using localhost the coonection works ...
 ericomtxmacbookpro:bin ericomtx$ ./mysql -u root -p mysql-admin -h localhost
 -P 3306
 Enter password:
 Reading table information for completion of table and column names
 You can turn off this feature to get a quicker startup with -A


 Welcome to the MySQL monitor.  Commands end with ; or \g.
 Your MySQL connection id is 97

 Server version: 5.6.15 MySQL Community Server (GPL)


 

 but using 127.0.0.1 no :

 ericomtxmacbookpro:bin ericomtx$ ./mysql -u root -p mysql-admin -h 127.0.0.1
 -P 3306
 Enter password:
 ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using
 password: YES)
 ericomtxmacbookpro:bin ericomtx$



 2014/1/13 Erick Ocrospoma zipper1...@gmail.com

 From that error I would suspect you are trying to access to a database
 where has not external access. And yeah, try by doing

 $ mysql -u root -p database -h localhost -P 3306

 change localhost by 127.0.0.1 in order to test if both cases work, and
 see which of them (localhost/127.0.0.1) is defined in your web app as
 you've been told in the mail before.

 On 13 January 2014 12:36, Reindl Harald h.rei...@thelounge.net wrote:
 
 
  Am 13.01.2014 18:28, schrieb Érico:
  ericomtxmacbookpro:bin ericomtx$ ./mysql -u root -p mysql-admin
  Enter password:
  Welcome to the MySQL monitor.  Commands end with ; or \g.
  Your MySQL connection id is 31
  Server version: 5.6.15 MySQL Community Server (GPL)
 
  but in the browser I get the error :
 
  Access denied for user 'root'@'localhost' (using password: YES)
 
  I can't find any information in error log and access log
 
  is there any command parameter that I should use when starting mysql so
  this doesn't happen?
 
  are you using localhost or 127.0.0.1 in the web-application
  root@localhost != root@127.0.0.1 = different users
 
  localhost: Unix-Socket
  127.0.0.1: TCP
 
 
 



 --





 ~ Happy install !



 Erick.


 ---

 Cellphone   :  +51 950307809
 Blog:  http://zerick.me/
 LUG:  http://www.utpinux.org
 IRC :   zerick
 About :  http://about.me/zerick
 Linux User ID :  549567

 --
 MySQL General Mailing List
 For list archives: http://lists.mysql.com/mysql
 To unsubscribe:http://lists.mysql.com/mysql





-- 





~ Happy install !



Erick.


---

Cellphone   :  +51 950307809
Blog:  http://zerick.me/
LUG:  http://www.utpinux.org
IRC :   zerick
About :  http://about.me/zerick
Linux User ID :  549567

--
MySQL General Mailing List
For list archives: http://lists.mysql.com/mysql
To unsubscribe:http://lists.mysql.com/mysql

Re: Access denied for user 'root'@'localhost' (using password: YES) on mysql admin

[Erick Ocrospoma]

I forgot this. Do it too.

On 13 January 2014 13:01, Erick Ocrospoma zipper1...@gmail.com wrote:
 I presume your index.php file uses 127.0.0.1. After login to MySQL try this:

 $ grant all privileges to *.* 'root'@'127.0.0.1' identified by 
 yourpassword;
$ flush privileges;

 Of course this could not be the best solution, it's just to skip it,
 you must look at the query/connection on your php file.

 On 13 January 2014 12:57, Érico erico...@gmail.com wrote:
 using localhost the coonection works ...
 ericomtxmacbookpro:bin ericomtx$ ./mysql -u root -p mysql-admin -h localhost
 -P 3306
 Enter password:
 Reading table information for completion of table and column names
 You can turn off this feature to get a quicker startup with -A


 Welcome to the MySQL monitor.  Commands end with ; or \g.
 Your MySQL connection id is 97

 Server version: 5.6.15 MySQL Community Server (GPL)


 

 but using 127.0.0.1 no :

 ericomtxmacbookpro:bin ericomtx$ ./mysql -u root -p mysql-admin -h 127.0.0.1
 -P 3306
 Enter password:
 ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using
 password: YES)
 ericomtxmacbookpro:bin ericomtx$



 2014/1/13 Erick Ocrospoma zipper1...@gmail.com

 From that error I would suspect you are trying to access to a database
 where has not external access. And yeah, try by doing

 $ mysql -u root -p database -h localhost -P 3306

 change localhost by 127.0.0.1 in order to test if both cases work, and
 see which of them (localhost/127.0.0.1) is defined in your web app as
 you've been told in the mail before.

 On 13 January 2014 12:36, Reindl Harald h.rei...@thelounge.net wrote:
 
 
  Am 13.01.2014 18:28, schrieb Érico:
  ericomtxmacbookpro:bin ericomtx$ ./mysql -u root -p mysql-admin
  Enter password:
  Welcome to the MySQL monitor.  Commands end with ; or \g.
  Your MySQL connection id is 31
  Server version: 5.6.15 MySQL Community Server (GPL)
 
  but in the browser I get the error :
 
  Access denied for user 'root'@'localhost' (using password: YES)
 
  I can't find any information in error log and access log
 
  is there any command parameter that I should use when starting mysql so
  this doesn't happen?
 
  are you using localhost or 127.0.0.1 in the web-application
  root@localhost != root@127.0.0.1 = different users
 
  localhost: Unix-Socket
  127.0.0.1: TCP
 
 
 



 --





 ~ Happy install !



 Erick.


 ---

 Cellphone   :  +51 950307809
 Blog:  http://zerick.me/
 LUG:  http://www.utpinux.org
 IRC :   zerick
 About :  http://about.me/zerick
 Linux User ID :  549567

 --
 MySQL General Mailing List
 For list archives: http://lists.mysql.com/mysql
 To unsubscribe:http://lists.mysql.com/mysql





 --





 ~ Happy install !



 Erick.


 ---

 Cellphone   :  +51 950307809
 Blog:  http://zerick.me/
 LUG:  http://www.utpinux.org
 IRC :   zerick
 About :  http://about.me/zerick
 Linux User ID :  549567



-- 





~ Happy install !



Erick.


---

Cellphone   :  +51 950307809
Blog:  http://zerick.me/
LUG:  http://www.utpinux.org
IRC :   zerick
About :  http://about.me/zerick
Linux User ID :  549567

--
MySQL General Mailing List
For list archives: http://lists.mysql.com/mysql
To unsubscribe:http://lists.mysql.com/mysql

Re: Access denied for user 'root'@'localhost' (using password: YES) on mysql admin

[Érico]

the granting is not affecting the tables:

mysql grant all privileges on *.* to root@localhost identified by 'pwd';
Query OK, 0 rows affected (0.00 sec)

mysql FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.00 sec)

...

and if I try the granting in 127.0.0.1 :
mysql grant all privileges to *.* 'root'@'127.0.0.1' identified by
kernel26;
ERROR 1064 (42000): You have an error in your SQL syntax; check the manual
that corresponds to your MySQL server version for the right syntax to use
near 'to *.* 'root'@'127.0.0.1' identified by kernel26' at line 1

...


in eclipse using jconnector ... I get the same error :
when pinging :

java.sql.SQLException: Access denied for user 'root'@'localhost' (using
password: YES)
at com.mysql.jdbc.SQLError.createSQLException(SQLError.java:1086)
at com.mysql.jdbc.MysqlIO.checkErrorPacket(MysqlIO.java:4237)
at com.mysql.jdbc.MysqlIO.checkErrorPacket(MysqlIO.java:4169)



Could not connect to New MySQL.
Error creating SQL Model Connection connection to New MySQL. (Error: Access
denied for user 'root'@'localhost' (using password: YES))
Access denied for user 'root'@'localhost' (using password: YES)




2014/1/13 Erick Ocrospoma zipper1...@gmail.com

 I forgot this. Do it too.

 On 13 January 2014 13:01, Erick Ocrospoma zipper1...@gmail.com wrote:
  I presume your index.php file uses 127.0.0.1. After login to MySQL try
 this:
 
  $ grant all privileges to *.* 'root'@'127.0.0.1' identified by
 yourpassword;
 $ flush privileges;
 
  Of course this could not be the best solution, it's just to skip it,
  you must look at the query/connection on your php file.
 
  On 13 January 2014 12:57, Érico erico...@gmail.com wrote:
  using localhost the coonection works ...
  ericomtxmacbookpro:bin ericomtx$ ./mysql -u root -p mysql-admin -h
 localhost
  -P 3306
  Enter password:
  Reading table information for completion of table and column names
  You can turn off this feature to get a quicker startup with -A
 
 
  Welcome to the MySQL monitor.  Commands end with ; or \g.
  Your MySQL connection id is 97
 
  Server version: 5.6.15 MySQL Community Server (GPL)
 
 
  
 
  but using 127.0.0.1 no :
 
  ericomtxmacbookpro:bin ericomtx$ ./mysql -u root -p mysql-admin -h
 127.0.0.1
  -P 3306
  Enter password:
  ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using
  password: YES)
  ericomtxmacbookpro:bin ericomtx$
 
 
 
  2014/1/13 Erick Ocrospoma zipper1...@gmail.com
 
  From that error I would suspect you are trying to access to a database
  where has not external access. And yeah, try by doing
 
  $ mysql -u root -p database -h localhost -P 3306
 
  change localhost by 127.0.0.1 in order to test if both cases work, and
  see which of them (localhost/127.0.0.1) is defined in your web app as
  you've been told in the mail before.
 
  On 13 January 2014 12:36, Reindl Harald h.rei...@thelounge.net
 wrote:
  
  
   Am 13.01.2014 18:28, schrieb Érico:
   ericomtxmacbookpro:bin ericomtx$ ./mysql -u root -p mysql-admin
   Enter password:
   Welcome to the MySQL monitor.  Commands end with ; or \g.
   Your MySQL connection id is 31
   Server version: 5.6.15 MySQL Community Server (GPL)
  
   but in the browser I get the error :
  
   Access denied for user 'root'@'localhost' (using password: YES)
  
   I can't find any information in error log and access log
  
   is there any command parameter that I should use when starting
 mysql so
   this doesn't happen?
  
   are you using localhost or 127.0.0.1 in the web-application
   root@localhost != root@127.0.0.1 = different users
  
   localhost: Unix-Socket
   127.0.0.1: TCP
  
  
  
 
 
 
  --
 
 
 
 
 
  ~ Happy install !
 
 
 
  Erick.
 
 
  ---
 
  Cellphone   :  +51 950307809
  Blog:  http://zerick.me/
  LUG:  http://www.utpinux.org
  IRC :   zerick
  About :  http://about.me/zerick
  Linux User ID :  549567
 
  --
  MySQL General Mailing List
  For list archives: http://lists.mysql.com/mysql
  To unsubscribe:http://lists.mysql.com/mysql
 
 
 
 
 
  --
 
 
 
 
 
  ~ Happy install !
 
 
 
  Erick.
 
 
  ---
 
  Cellphone   :  +51 950307809
  Blog:  http://zerick.me/
  LUG:  http://www.utpinux.org
  IRC :   zerick
  About :  http://about.me/zerick
  Linux User ID :  549567



 --





 ~ Happy install !



 Erick.


 ---

 Cellphone   :  +51 950307809
 Blog:  http://zerick.me/
 LUG:  http://www.utpinux.org
 IRC :   zerick
 About :  http://about.me/zerick
 Linux User ID :  549567

Re: Access denied for user 'root'@'localhost' (using password: YES) on mysql admin

[Erick Ocrospoma]

On 13 January 2014 13:25, Érico erico...@gmail.com wrote:
 the granting is not affecting the tables:

 mysql grant all privileges on *.* to root@localhost identified by 'pwd';
 Query OK, 0 rows affected (0.00 sec)

 mysql FLUSH PRIVILEGES;
 Query OK, 0 rows affected (0.00 sec)

 ...

 and if I try the granting in 127.0.0.1 :
 mysql grant all privileges to *.* 'root'@'127.0.0.1' identified by
 kernel26;
 ERROR 1064 (42000): You have an error in your SQL syntax; check the manual
 that corresponds to your MySQL server version for the right syntax to use
 near 'to *.* 'root'@'127.0.0.1' identified by kernel26' at line 1
It's my error :)  It should be:

mysql grant all privileges on *.* to 'root'@'127.0.0.1' identified by
'kernel26';

 ...


 in eclipse using jconnector ... I get the same error :
 when pinging :

 java.sql.SQLException: Access denied for user 'root'@'localhost' (using
 password: YES)
 at com.mysql.jdbc.SQLError.createSQLException(SQLError.java:1086)
 at com.mysql.jdbc.MysqlIO.checkErrorPacket(MysqlIO.java:4237)
 at com.mysql.jdbc.MysqlIO.checkErrorPacket(MysqlIO.java:4169)

 

 Could not connect to New MySQL.
 Error creating SQL Model Connection connection to New MySQL. (Error: Access
 denied for user 'root'@'localhost' (using password: YES))
 Access denied for user 'root'@'localhost' (using password: YES)




 2014/1/13 Erick Ocrospoma zipper1...@gmail.com

 I forgot this. Do it too.

 On 13 January 2014 13:01, Erick Ocrospoma zipper1...@gmail.com wrote:
  I presume your index.php file uses 127.0.0.1. After login to MySQL try
 this:
 
  $ grant all privileges to *.* 'root'@'127.0.0.1' identified by
 yourpassword;
 $ flush privileges;
 
  Of course this could not be the best solution, it's just to skip it,
  you must look at the query/connection on your php file.
 
  On 13 January 2014 12:57, Érico erico...@gmail.com wrote:
  using localhost the coonection works ...
  ericomtxmacbookpro:bin ericomtx$ ./mysql -u root -p mysql-admin -h
 localhost
  -P 3306
  Enter password:
  Reading table information for completion of table and column names
  You can turn off this feature to get a quicker startup with -A
 
 
  Welcome to the MySQL monitor.  Commands end with ; or \g.
  Your MySQL connection id is 97
 
  Server version: 5.6.15 MySQL Community Server (GPL)
 
 
  
 
  but using 127.0.0.1 no :
 
  ericomtxmacbookpro:bin ericomtx$ ./mysql -u root -p mysql-admin -h
 127.0.0.1
  -P 3306
  Enter password:
  ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using
  password: YES)
  ericomtxmacbookpro:bin ericomtx$
 
 
 
  2014/1/13 Erick Ocrospoma zipper1...@gmail.com
 
  From that error I would suspect you are trying to access to a database
  where has not external access. And yeah, try by doing
 
  $ mysql -u root -p database -h localhost -P 3306
 
  change localhost by 127.0.0.1 in order to test if both cases work, and
  see which of them (localhost/127.0.0.1) is defined in your web app as
  you've been told in the mail before.
 
  On 13 January 2014 12:36, Reindl Harald h.rei...@thelounge.net
 wrote:
  
  
   Am 13.01.2014 18:28, schrieb Érico:
   ericomtxmacbookpro:bin ericomtx$ ./mysql -u root -p mysql-admin
   Enter password:
   Welcome to the MySQL monitor.  Commands end with ; or \g.
   Your MySQL connection id is 31
   Server version: 5.6.15 MySQL Community Server (GPL)
  
   but in the browser I get the error :
  
   Access denied for user 'root'@'localhost' (using password: YES)
  
   I can't find any information in error log and access log
  
   is there any command parameter that I should use when starting
 mysql so
   this doesn't happen?
  
   are you using localhost or 127.0.0.1 in the web-application
   root@localhost != root@127.0.0.1 = different users
  
   localhost: Unix-Socket
   127.0.0.1: TCP
  
  
  
 
 
 
  --
 
 
 
 
 
  ~ Happy install !
 
 
 
  Erick.
 
 
  ---
 
  Cellphone   :  +51 950307809
  Blog:  http://zerick.me/
  LUG:  http://www.utpinux.org
  IRC :   zerick
  About :  http://about.me/zerick
  Linux User ID :  549567
 
  --
  MySQL General Mailing List
  For list archives: http://lists.mysql.com/mysql
  To unsubscribe:http://lists.mysql.com/mysql
 
 
 
 
 
  --
 
 
 
 
 
  ~ Happy install !
 
 
 
  Erick.
 
 
  ---
 
  Cellphone   :  +51 950307809
  Blog:  http://zerick.me/
  LUG:  http://www.utpinux.org
  IRC :   zerick
  About :  http://about.me/zerick
  Linux User ID :  549567



 --





 ~ Happy install !



 Erick.


 ---

 Cellphone   :  +51 950307809
 Blog:  http://zerick.me/
 LUG:  http://www.utpinux.org
 IRC :   zerick
 About :  http://about.me/zerick
 Linux User ID :  549567




-- 





~ Happy install !



Erick.


---

Cellphone   :  +51 950307809
Blog:  http://zerick.me/
LUG:  http://www.utpinux.org
IRC :   zerick
About :  http://about.me/zerick
Linux User ID :  549567

--
MySQL General Mailing List
For list archives: http://lists.mysql.com/mysql
To unsubscribe

Re: Access denied for user 'root'@'localhost' (using password: YES) on mysql admin

[Érico]

Hi

didn't work

look ... isn't this something related to this :

are you using localhost or 127.0.0.1 in the web-application
root@localhost != root@127.0.0.1 = different users

localhost: Unix-Socket
127.0.0.1: TCP

...

since I am not able to stabilsh a connection even with using eclipse ...

my /etc/hosts file :

##
127.0.0.1   localhost
255.255.255.255 broadcasthost
::1 localhost
#fe80::1%lo0localhost
127.0.0.1   ericomtxmacbookpro.local
#127.0.0.1   mysqld





2014/1/13 Erick Ocrospoma zipper1...@gmail.com

 On 13 January 2014 13:25, Érico erico...@gmail.com wrote:
  the granting is not affecting the tables:
 
  mysql grant all privileges on *.* to root@localhost identified by
 'pwd';
  Query OK, 0 rows affected (0.00 sec)
 
  mysql FLUSH PRIVILEGES;
  Query OK, 0 rows affected (0.00 sec)
 
  ...
 
  and if I try the granting in 127.0.0.1 :
  mysql grant all privileges to *.* 'root'@'127.0.0.1' identified by
  kernel26;
  ERROR 1064 (42000): You have an error in your SQL syntax; check the
 manual
  that corresponds to your MySQL server version for the right syntax to use
  near 'to *.* 'root'@'127.0.0.1' identified by kernel26' at line 1
 It's my error :)  It should be:

 mysql grant all privileges on *.* to 'root'@'127.0.0.1' identified by
 'kernel26';
 
  ...
 
 
  in eclipse using jconnector ... I get the same error :
  when pinging :
 
  java.sql.SQLException: Access denied for user 'root'@'localhost' (using
  password: YES)
  at com.mysql.jdbc.SQLError.createSQLException(SQLError.java:1086)
  at com.mysql.jdbc.MysqlIO.checkErrorPacket(MysqlIO.java:4237)
  at com.mysql.jdbc.MysqlIO.checkErrorPacket(MysqlIO.java:4169)
 
  
 
  Could not connect to New MySQL.
  Error creating SQL Model Connection connection to New MySQL. (Error:
 Access
  denied for user 'root'@'localhost' (using password: YES))
  Access denied for user 'root'@'localhost' (using password: YES)
 
 
 
 
  2014/1/13 Erick Ocrospoma zipper1...@gmail.com
 
  I forgot this. Do it too.
 
  On 13 January 2014 13:01, Erick Ocrospoma zipper1...@gmail.com wrote:
   I presume your index.php file uses 127.0.0.1. After login to MySQL
 try
  this:
  
   $ grant all privileges to *.* 'root'@'127.0.0.1' identified by
  yourpassword;
  $ flush privileges;
  
   Of course this could not be the best solution, it's just to skip it,
   you must look at the query/connection on your php file.
  
   On 13 January 2014 12:57, Érico erico...@gmail.com wrote:
   using localhost the coonection works ...
   ericomtxmacbookpro:bin ericomtx$ ./mysql -u root -p mysql-admin -h
  localhost
   -P 3306
   Enter password:
   Reading table information for completion of table and column names
   You can turn off this feature to get a quicker startup with -A
  
  
   Welcome to the MySQL monitor.  Commands end with ; or \g.
   Your MySQL connection id is 97
  
   Server version: 5.6.15 MySQL Community Server (GPL)
  
  
   
  
   but using 127.0.0.1 no :
  
   ericomtxmacbookpro:bin ericomtx$ ./mysql -u root -p mysql-admin -h
  127.0.0.1
   -P 3306
   Enter password:
   ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using
   password: YES)
   ericomtxmacbookpro:bin ericomtx$
  
  
  
   2014/1/13 Erick Ocrospoma zipper1...@gmail.com
  
   From that error I would suspect you are trying to access to a
 database
   where has not external access. And yeah, try by doing
  
   $ mysql -u root -p database -h localhost -P 3306
  
   change localhost by 127.0.0.1 in order to test if both cases work,
 and
   see which of them (localhost/127.0.0.1) is defined in your web app
 as
   you've been told in the mail before.
  
   On 13 January 2014 12:36, Reindl Harald h.rei...@thelounge.net
  wrote:
   
   
Am 13.01.2014 18:28, schrieb Érico:
ericomtxmacbookpro:bin ericomtx$ ./mysql -u root -p mysql-admin
Enter password:
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 31
Server version: 5.6.15 MySQL Community Server (GPL)
   
but in the browser I get the error :
   
Access denied for user 'root'@'localhost' (using password: YES)
   
I can't find any information in error log and access log
   
is there any command parameter that I should use when starting
  mysql so
this doesn't happen?
   
are you using localhost or 127.0.0.1 in the web-application
root@localhost != root@127.0.0.1 = different users
   
localhost: Unix-Socket
127.0.0.1: TCP
   
   
   
  
  
  
   --
  
  
  
  
  
   ~ Happy install !
  
  
  
   Erick.
  
  
   ---
  
   Cellphone   :  +51 950307809
   Blog:  http://zerick.me/
   LUG:  http://www.utpinux.org
   IRC :   zerick
   About :  http://about.me/zerick
   Linux User ID :  549567
  
   --
   MySQL General Mailing List
   For list archives: http://lists.mysql.com/mysql
   To unsubscribe:http://lists.mysql.com/mysql
  
  
  
  
  
   --
  
  
  
  
  
   ~ Happy install

Re: Access denied for user 'root'@'localhost' (using password: YES) on mysql admin

[shawn l.green]

Hello Érico,

On 1/13/2014 1:49 PM, Érico wrote:

Hi

didn't work

look ... isn't this something related to this :

are you using localhost or 127.0.0.1 in the web-application
root@localhost != root@127.0.0.1 = different users

localhost: Unix-Socket
127.0.0.1: TCP

...

since I am not able to stabilsh a connection even with using eclipse ...

my /etc/hosts file :

##
127.0.0.1   localhost
255.255.255.255 broadcasthost
::1 localhost
#fe80::1%lo0localhost
127.0.0.1   ericomtxmacbookpro.local
#127.0.0.1   mysqld



The thing to remember is that 'localhost' or '127.0.0.1' is where the 
server believes the connection is coming from. The password you must be 
using in your client connection attempt must match the one used on the 
server for the mysql user 'root'@'localhost' or you will not authenticate.


You also need to remember that if your .php page is on a different 
machine, it is not connecting to the same mysqld that you have running 
in your development machine (your personal environment). Your .PHP page 
is trying to connect to the one running on its host machine. That user 
'root' may have an entirely different password.


Your programs are connecting fine. If they didn't you would get a 
different message. They are failing to authenticate which means that the 
mysqld they are connecting to does not recognize the password you are 
using for the account you are trying to authenticate as.


Regards,
--
Shawn Green
MySQL Senior Principal Technical Support Engineer
Oracle USA, Inc. - Hardware and Software, Engineered to Work Together.
Office: Blountville, TN

--
MySQL General Mailing List
For list archives: http://lists.mysql.com/mysql
To unsubscribe:http://lists.mysql.com/mysql

Re: Access denied for user 'root'@'localhost' (using password: YES) on mysql admin

[Érico]

Hi

no connections outside command line are being accepted . I have connected
through command line , but not using eclipse for example ... it gets the
same error from the web app

my apache and pages are in the same computer that mysql

I am not getting password issues.. otherwise I would not connect through
command line

Thks


2014/1/13 shawn l.green shawn.l.gr...@oracle.com

 Hello Érico,


 On 1/13/2014 1:49 PM, Érico wrote:

 Hi

 didn't work

 look ... isn't this something related to this :

 are you using localhost or 127.0.0.1 in the web-application
 root@localhost != root@127.0.0.1 = different users

 localhost: Unix-Socket
 127.0.0.1: TCP

 ...

 since I am not able to stabilsh a connection even with using eclipse ...

 my /etc/hosts file :

 ##
 127.0.0.1   localhost
 255.255.255.255 broadcasthost
 ::1 localhost
 #fe80::1%lo0localhost
 127.0.0.1   ericomtxmacbookpro.local
 #127.0.0.1   mysqld


 The thing to remember is that 'localhost' or '127.0.0.1' is where the
 server believes the connection is coming from. The password you must be
 using in your client connection attempt must match the one used on the
 server for the mysql user 'root'@'localhost' or you will not authenticate.

 You also need to remember that if your .php page is on a different
 machine, it is not connecting to the same mysqld that you have running in
 your development machine (your personal environment). Your .PHP page is
 trying to connect to the one running on its host machine. That user 'root'
 may have an entirely different password.

 Your programs are connecting fine. If they didn't you would get a
 different message. They are failing to authenticate which means that the
 mysqld they are connecting to does not recognize the password you are using
 for the account you are trying to authenticate as.

 Regards,
 --
 Shawn Green
 MySQL Senior Principal Technical Support Engineer
 Oracle USA, Inc. - Hardware and Software, Engineered to Work Together.
 Office: Blountville, TN


 --
 MySQL General Mailing List
 For list archives: http://lists.mysql.com/mysql
 To unsubscribe:http://lists.mysql.com/mysql

Re: Access denied for user 'root'@'localhost' (using password: YES) on mysql admin

[Reindl Harald]

WTF - we are talking about *database connections* and *not* http-URL's
the webserver is only the *messenger*

Am 13.01.2014 18:54, schrieb Érico:
 using both urls I get the same error :
 
 http://localhost/mysql/index.php
 http://127.0.0.1/mysql/index.php
 
 in 127.0.0.1... after I submit the index.php ... it redirects to localhost
 too ..
 
 2014/1/13 Reindl Harald h.rei...@thelounge.net
 


 Am 13.01.2014 18:28, schrieb Érico:
 ericomtxmacbookpro:bin ericomtx$ ./mysql -u root -p mysql-admin
 Enter password:
 Welcome to the MySQL monitor.  Commands end with ; or \g.
 Your MySQL connection id is 31
 Server version: 5.6.15 MySQL Community Server (GPL)

 but in the browser I get the error :

 Access denied for user 'root'@'localhost' (using password: YES)

 I can't find any information in error log and access log

 is there any command parameter that I should use when starting mysql so
 this doesn't happen?

 are you using localhost or 127.0.0.1 in the web-application
 root@localhost != root@127.0.0.1 = different users

 localhost: Unix-Socket
 127.0.0.1: TCP



signature.asc
Description: OpenPGP digital signature

Re: Access denied for user 'root'@'localhost' (using password: YES) on mysql admin

[Reindl Harald]

*your application* is connecting to mysql
*your application* is using a hostname
*your application* *may* use 127.0.0.1
*your application* should use localhost to *connect to the databse*
*your application* can only use TCP *if there is* a *mysql user* with *that 
host*

http://dev.mysql.com/doc/refman/5.5/en/can-not-connect-to-server.html

Am 13.01.2014 20:38, schrieb Érico:
 no connections outside command line are being accepted . I have connected
 through command line , but not using eclipse for example ... it gets the
 same error from the web app
 
 my apache and pages are in the same computer that mysql
 
 I am not getting password issues.. otherwise I would not connect through
 command line
 
 2014/1/13 shawn l.green shawn.l.gr...@oracle.com
 
 On 1/13/2014 1:49 PM, Érico wrote:

 Hi

 didn't work

 look ... isn't this something related to this :

 are you using localhost or 127.0.0.1 in the web-application
 root@localhost != root@127.0.0.1 = different users

 localhost: Unix-Socket
 127.0.0.1: TCP

 ...

 since I am not able to stabilsh a connection even with using eclipse ...

 my /etc/hosts file :

 ##
 127.0.0.1   localhost
 255.255.255.255 broadcasthost
 ::1 localhost
 #fe80::1%lo0localhost
 127.0.0.1   ericomtxmacbookpro.local
 #127.0.0.1   mysqld


 The thing to remember is that 'localhost' or '127.0.0.1' is where the
 server believes the connection is coming from. The password you must be
 using in your client connection attempt must match the one used on the
 server for the mysql user 'root'@'localhost' or you will not authenticate.

 You also need to remember that if your .php page is on a different
 machine, it is not connecting to the same mysqld that you have running in
 your development machine (your personal environment). Your .PHP page is
 trying to connect to the one running on its host machine. That user 'root'
 may have an entirely different password.

 Your programs are connecting fine. If they didn't you would get a
 different message. They are failing to authenticate which means that the
 mysqld they are connecting to does not recognize the password you are using
 for the account you are trying to authenticate as.



signature.asc
Description: OpenPGP digital signature

Re: Access denied for user 'root'@'localhost' (using password: YES) on mysql admin

[shawn l.green]

Hello Reindl,

On 1/13/2014 3:01 PM, Reindl Harald wrote:

*your application* is connecting to mysql
*your application* is using a hostname
*your application* *may* use 127.0.0.1
*your application* should use localhost to *connect to the databse*
*your application* can only use TCP *if there is* a *mysql user* with *that 
host*

http://dev.mysql.com/doc/refman/5.5/en/can-not-connect-to-server.html




... snip ...

The problem is, his other clients (his php page,his eclipse environment) 
is where he has problems making the connection from. His direct 
connection (using the mysql command line client) is having no problems.


So, the issues are:
* Why is a client connection, from the same host as the mysqld server, 
initiated from his PHP code failing to connect?


* Why is a client connection, from the same host machine as his mysqld 
server, initiated from his Eclipse programming tool failing to connect?



We are not saying he is using HTTP commands to log into his database.
We have clarified that both his client and his server are on the same host.

My last advice is that the password he is providing through his other 
clients must be incorrect. I even suggested that he may be validating 
his account on one instance but his tools are attempting to connect to a 
different instance.


And whether I say
   mysql -u root -h localhost  (via Unix socket)

or I say
   mysql -u root -h 127.0.0.1  (via TCP socket)

they may /both/ be reported as 'localhost' in the error message because 
of how the reverse DNS lookup happens during the user authentication 
process and the contents of his local /etc/hosts file.

http://dev.mysql.com/doc/refman/5.6/en/connection-access.html


Does that give you a better image of the current problem?
--
Shawn Green
MySQL Senior Principal Technical Support Engineer
Oracle USA, Inc. - Hardware and Software, Engineered to Work Together.
Office: Blountville, TN

--
MySQL General Mailing List
For list archives: http://lists.mysql.com/mysql
To unsubscribe:http://lists.mysql.com/mysql

RE: Access denied for user 'root'@'localhost' (using password:

[Vikas Shukla]

 YES) on mysql admin
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
 protocol=application/pgp-signature;
 boundary=wmcsLTXQx7E3jAVxUD1b39Xfw2SDoi7cu

--wmcsLTXQx7E3jAVxUD1b39Xfw2SDoi7cu
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable

Please provide the output of the below query.

Select user, host, password from mysql.user;

Thanks

Vikas Shukla
Mail Sent from my Windows Phone From: Reindl Harald
Sent: =E2=80=8E14-=E2=80=8E01-=E2=80=8E2014 01:38
To: mysql@lists.mysql.com
Subject: Re: Access denied for user 'root'@'localhost' (using password:
YES) on mysql admin
*your application* is connecting to mysql
*your application* is using a hostname
*your application* *may* use 127.0.0.1
*your application* should use localhost to *connect to the databse*
*your application* can only use TCP *if there is* a *mysql user* with *that=
 host*

http://dev.mysql.com/doc/refman/5.5/en/can-not-connect-to-server.html

Am 13.01.2014 20:38, schrieb =C3=89rico:
 no connections outside command line are being accepted . I have connected
 through command line , but not using eclipse for example ... it gets the
 same error from the web app
=20
 my apache and pages are in the same computer that mysql
=20
 I am not getting password issues.. otherwise I would not connect through
 command line
=20
 2014/1/13 shawn l.green shawn.l.gr...@oracle.com
=20
 On 1/13/2014 1:49 PM, =C3=89rico wrote:

 Hi

 didn't work

 look ... isn't this something related to this :

 are you using localhost or 127.0.0.1 in the web-application
 root@localhost !=3D root@127.0.0.1 =3D different users

 localhost: Unix-Socket
 127.0.0.1: TCP

 ...

 since I am not able to stabilsh a connection even with using eclipse ..=
.

 my /etc/hosts file :

 ##
 127.0.0.1   localhost
 255.255.255.255 broadcasthost
 ::1 localhost
 #fe80::1%lo0localhost
 127.0.0.1   ericomtxmacbookpro.local
 #127.0.0.1   mysqld


 The thing to remember is that 'localhost' or '127.0.0.1' is where the
 server believes the connection is coming from. The password you must be
 using in your client connection attempt must match the one used on the
 server for the mysql user 'root'@'localhost' or you will not authenticat=
e.

 You also need to remember that if your .php page is on a different
 machine, it is not connecting to the same mysqld that you have running i=
n
 your development machine (your personal environment). Your .PHP page is
 trying to connect to the one running on its host machine. That user 'roo=
t'
 may have an entirely different password.

 Your programs are connecting fine. If they didn't you would get a
 different message. They are failing to authenticate which means that the
 mysqld they are connecting to does not recognize the password you are us=
ing
 for the account you are trying to authenticate as.


--wmcsLTXQx7E3jAVxUD1b39Xfw2SDoi7cu--

-- 
MySQL General Mailing List
For list archives: http://lists.mysql.com/mysql
To unsubscribe:http://lists.mysql.com/mysql

Re: Access denied for user 'root'@'localhost' (using password: YES) on mysql admin

[Reindl Harald]

Am 13.01.2014 21:47, schrieb shawn l.green:
 Hello Reindl,
 We are not saying he is using HTTP commands to log into his database

we excludes obviously the OP or his overall understanding :-)

Am 13.01.2014 18:54, schrieb Érico:
 using both urls I get the same error :

 http://localhost/mysql/index.php
 http://127.0.0.1/mysql/index.php

 in 127.0.0.1... after I submit the index.php ... it redirects to localhost
 too ..



signature.asc
Description: OpenPGP digital signature

User-defined variables not working ONLY on first query in chained replication

[Matthew Ward]

I've noticed a weird issue in our chained replication environment where when 
setting user-defined variables, the first time the variable is used in a 
session the value is NULL, but all uses thereafter work correctly.

The environment is such: we have a master (master1), which has a slave which is 
also a master (master3), which itself has slaves (master3-slave1), i.e.:

master1 - master3 - master3-slave1

I can replicate my issue with a very simple setup. I simply create a test table 
with one TEXT column, and I set a user-defined variable:

CREATE TABLE test_table (id INT(10) PRIMARY KEY AUTO_INCREMENT, result TEXT) 
ENGINE=InnoDB;
SET @mynewvariable = testvalue
And then insert the variable into the test table:

INSERT INTO test_table VALUES (NULL, @mynewvariable);
The first time I run this insert, the value is correctly inserted in to master1 
and its slave, master3 (as you'd expect). However, a NULL value is inserted 
into master3-slave1. However, if I run the INSERT a second time (just the 
insert, no re-declaration of the user-defined variable), the value is correctly 
inserted in to all three servers, so that the contents of test_table on the 
three servers looks as follows:

master1   master3   master3-slave1
- - --
testvalue testvalue NULL
testvalue testvalue testvalue
I don't believe this is related to replication delay, because even if I leave a 
while between setting the variable and running the first INSERT, the result is 
always the same. The problem is agnostic of table format or how complex the 
table is, we can reproduce it exactly like this all of the time.

Is this a known issue in MySQL with chained replication like this, or have I 
discovered a bug?

Server version information:

master1: Percona Server 5.5.28-29.1
master3: Percona Server 5.5.28-29.3
master3-slave1: Percona Server 5.5.20-55

-- 


Global Personals is a limited company registered in England and Wales. 
Registered number: 04880697. 
Registered office: Minton Place, Victoria Street, Windsor, Berkshire, SL4 
1EG, United Kingdom.

Re: User-defined variables not working ONLY on first query in chained replication

[Jesper Wisborg Krogh]

Hi Matthew,

On 16/07/2013 21:21, Matthew Ward wrote:

I've noticed a weird issue in our chained replication environment where when 
setting user-defined variables, the first time the variable is used in a 
session the value is NULL, but all uses thereafter work correctly.

snip

The first time I run this insert, the value is correctly inserted in to master1 
and its slave, master3 (as you'd expect). However, a NULL value is inserted 
into master3-slave1. However, if I run the INSERT a second time (just the 
insert, no re-declaration of the user-defined variable), the value is correctly 
inserted in to all three servers, so that the contents of test_table on the 
three servers looks as follows:

snip

Is this a known issue in MySQL with chained replication like this, or have I 
discovered a bug?


Do you happen to have any table level replication filters? If so it 
sounds like you are affected by a bug that was fixed in 5.5.32 
(https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-32.html):


*Replication:*Running the server with both the|--log-slave-updates| 
http://dev.mysql.com/doc/refman/5.5/en/replication-options-slave.html#option_mysqld_log-slave-updatesand|--replicate-wild-ignore-table| 
http://dev.mysql.com/doc/refman/5.5/en/replication-options-slave.html#option_mysqld_replicate-wild-ignore-tableoptions 
in some cases caused updates to user variables not to be logged.


(Note: at least replicate-ignore-table is also triggering that bug).

Best regards,
Jesper Krogh
MySQL Support

Re: mysql Ver 14.12 Distrib 5.0.27 user privileges question

[Prabhat Kumar]

you need CREATE Privileges.

http://dev.mysql.com/doc/refman/5.0/en/grant.html#grant-privileges

On Wed, Feb 27, 2013 at 10:42 PM, Rajeev Prasad rp.ne...@yahoo.com wrote:

 Hello,

 currently on this version of MySQL a database has been built for me to
 use. and following privileges are given: I am not able to create a table on
 my own. what privileges I need to create and modify tables in this database?

 mysql  Ver 14.12 Distrib 5.0.27, for sun-solaris2.9 (sparc) using
 EditLine wrapper



 mysql show grants;

 +---+
 | Grants for myuserid@%
 |

 +---+
 | GRANT USAGE ON *.* TO 'myuserid'@'%' IDENTIFIED BY PASSWORD
 '*4EF5..6' |
 | GRANT SELECT, INSERT, UPDATE, DELETE ON `mydb`.* TO 'myuserid'@'%'
 |

 +---+
 2 rows in set (0.00 sec)

 mysql

 at % means I can do the operations from other hosts too? using ssh.

 thank you.




-- 
Best Regards,

Prabhat Kumar
MySQL DBA

My Blog: http://adminlinux.blogspot.com
My LinkedIn: http://www.linkedin.com/in/profileprabhat

Re: mysql Ver 14.12 Distrib 5.0.27 user privileges question

[Reindl Harald]

oh, osrry
i was focused on the  at % means I can do the operations from other hosts too?

Am 27.02.2013 19:00, schrieb Stillman:
 OP's first question:  I am not able to create a table on my own. what 
 privileges I need to create and modify tables in this database?
 
 The answer to that question is that he/she needs CREATE to create tables and 
 ALTER to alter them.
 
 -Original Message-
 From: Reindl Harald [mailto:h.rei...@thelounge.net]
 Sent: Wednesday, February 27, 2013 12:55 PM
 To: mysql@lists.mysql.com
 Subject: Re: mysql Ver 14.12 Distrib 5.0.27 user privileges question
 
 says who?
 
 you MAY need CREATE privileges
 but it not uncommon have a defined scheme and not allow the user to create or 
 drop tables, the user below is able to do anything for a common web-app
 
 to anser the OP's question
 
 % in mysql is the same as * for the bash so yes, % means any host
 
 Am 27.02.2013 18:38, schrieb Prabhat Kumar:
 you need CREATE Privileges.
 http://dev.mysql.com/doc/refman/5.0/en/grant.html#grant-privileges

 On Wed, Feb 27, 2013 at 10:42 PM, Rajeev Prasad rp.ne...@yahoo.com wrote:
 currently on this version of MySQL a database has been built for me
 to use. and following privileges are given: I am not able to create a
 table on my own. what privileges I need to create and modify tables in this 
 database?

 mysql  Ver 14.12 Distrib 5.0.27, for sun-solaris2.9 (sparc) using
 EditLine wrapper

 mysql show grants;

 +---+
 | Grants for myuserid@%
 |

 +---+
 | GRANT USAGE ON *.* TO 'myuserid'@'%' IDENTIFIED BY PASSWORD
 '*4EF5..6' |
 | GRANT SELECT, INSERT, UPDATE, DELETE ON `mydb`.* TO 'myuserid'@'%'
 +---+
 2 rows in set (0.00 sec)

 at % means I can do the operations from other hosts too? using ssh



signature.asc
Description: OpenPGP digital signature

Re: mysql Ver 14.12 Distrib 5.0.27 user privileges question

[Reindl Harald]

says who?

you MAY need CREATE privileges
but it not uncommon have a defined scheme and not allow
the user to create or drop tables, the user below is
able to do anything for a common web-app

to anser the OP's question

% in mysql is the same as * for the bash
so yes, % means any host

Am 27.02.2013 18:38, schrieb Prabhat Kumar:
 you need CREATE Privileges.
 http://dev.mysql.com/doc/refman/5.0/en/grant.html#grant-privileges
 
 On Wed, Feb 27, 2013 at 10:42 PM, Rajeev Prasad rp.ne...@yahoo.com wrote:
 currently on this version of MySQL a database has been built for me to
 use. and following privileges are given: I am not able to create a table on
 my own. what privileges I need to create and modify tables in this database?

 mysql  Ver 14.12 Distrib 5.0.27, for sun-solaris2.9 (sparc) using
 EditLine wrapper

 mysql show grants;

 +---+
 | Grants for myuserid@%
 |

 +---+
 | GRANT USAGE ON *.* TO 'myuserid'@'%' IDENTIFIED BY PASSWORD
 '*4EF5..6' |
 | GRANT SELECT, INSERT, UPDATE, DELETE ON `mydb`.* TO 'myuserid'@'%'
 +---+
 2 rows in set (0.00 sec)

 at % means I can do the operations from other hosts too? using ssh



signature.asc
Description: OpenPGP digital signature

RE: mysql Ver 14.12 Distrib 5.0.27 user privileges question

[Stillman, Benjamin]

OP's first question:  I am not able to create a table on my own. what 
privileges I need to create and modify tables in this database?

The answer to that question is that he/she needs CREATE to create tables and 
ALTER to alter them.


-Original Message-
From: Reindl Harald [mailto:h.rei...@thelounge.net]
Sent: Wednesday, February 27, 2013 12:55 PM
To: mysql@lists.mysql.com
Subject: Re: mysql Ver 14.12 Distrib 5.0.27 user privileges question

says who?

you MAY need CREATE privileges
but it not uncommon have a defined scheme and not allow the user to create or 
drop tables, the user below is able to do anything for a common web-app

to anser the OP's question

% in mysql is the same as * for the bash so yes, % means any host

Am 27.02.2013 18:38, schrieb Prabhat Kumar:
 you need CREATE Privileges.
 http://dev.mysql.com/doc/refman/5.0/en/grant.html#grant-privileges

 On Wed, Feb 27, 2013 at 10:42 PM, Rajeev Prasad rp.ne...@yahoo.com wrote:
 currently on this version of MySQL a database has been built for me
 to use. and following privileges are given: I am not able to create a
 table on my own. what privileges I need to create and modify tables in this 
 database?

 mysql  Ver 14.12 Distrib 5.0.27, for sun-solaris2.9 (sparc) using
 EditLine wrapper

 mysql show grants;

 +---+
 | Grants for myuserid@%
 |

 +---+
 | GRANT USAGE ON *.* TO 'myuserid'@'%' IDENTIFIED BY PASSWORD
 '*4EF5..6' |
 | GRANT SELECT, INSERT, UPDATE, DELETE ON `mydb`.* TO 'myuserid'@'%'
 +---+
 2 rows in set (0.00 sec)

 at % means I can do the operations from other hosts too? using ssh




Notice: This communication may contain privileged and/or confidential 
information. If you are not the intended recipient, please notify the sender by 
email, and immediately delete the message and any attachments without copying 
or disclosing them. LBI may, for any reason, intercept, access, use, and 
disclose any information that is communicated by or through, or which is stored 
on, its networks, applications, services, and devices.

--
MySQL General Mailing List
For list archives: http://lists.mysql.com/mysql
To unsubscribe:http://lists.mysql.com/mysql

Re: Automatic reply: access denied to non-root@localhost null-string user in USER_PRIVILEGES

[Shawn Green]

Hello Round,

On 12/27/2012 5:34 AM, Round Square wrote:

On 12/26/2012 01:25 PM, Igor Shevtsov wrote:

You mysql.user table might be corrupted.
If you have access to it as a root user, try check table mysql.user, and repair 
table mysql.user if table corruption was detected.
Alternatively, shut down mysql server, cd /var/lib/mysql/mysql (to your 
$datadir/mysql directory) and run
mysqlcheck -r mysql user




I deleted the row with the empty user from mysql.user, then restarted the 
daemon, and all seems back to normal now.

One lingering question is:  why did mysql allow this to happen?  Could this be 
considered a bug?  After all, an inadvertent and seemingly harmless insertion 
leads to authentication failure for all users.

Are there any other known similar gotchas?  The fix for this one appears so 
trivial as to perhaps NOT call for a restore-from-backup.  But there could be 
other similar glitches that might call for that?

Thanks!




No. Your tables were not corrupted. There is no need to restore from 
backup. In fact, it may have been an inappropriate restore that created 
this situation in the first place.


What you had was either an intentional or unintentional failure in 
security. The system was performing appropriately for the accounts that 
you had configured.








On 26/12/12 18:00, Round Square wrote:

...
Poking around in puzzlement and comparing the current, broken state with the 
functioning state (from backup) I discovered that in the broken version there 
is this extra line in the information_schema.USER_PRIVILEGES table:

| ''@'localhost' | NULL  | USAGE
   | NO   |

(Note the null-string user prepended to @localhost)

Again: the functional, non-broken state does NOT have this entry.  Thus, my 
current theory is that this line is the culprit.  Prior to the failure I had a 
surge of experimental installations, installing third-party software that 
created mysql tables, and can't clearly retrace everything I did, at this 
point, to pinpoint the installation that may have caused it.

Be that as it may...

(1) Is my theory correct?
(2) If that line should not be there...
 (a) How do I remove it, properly? I don't have debian-sys-maint 
privileges to delete the line. (Or do I?)
 (b) Are there other tables, besides USER_PRIVILEGES, that would need 
to be updated/purged



Yes. Your theory is correct. Why it had such an effect on your other 
logins is covered in the free, searchable, and publicly-available user 
manual (the only kind we have):

http://dev.mysql.com/doc/refman/5.5/en/connection-access.html

Removing a user account (a MySQL login) does not require 
debian-sys-maint privileges as this is not a Linux-level account. You 
need an appropriately-privileged  MySQL account to do this maintenance.


As you most likely discovered, we cannot directly modify the tables of 
the INFORMATION_SCHEMA database. Those tables are constructed 
dynamically (on demand) using information permanently stored in other 
places.  In order to remove that account, you need to issue a DROP USER 
command or you need to be able to edit the `mysql`.`user` table.

http://dev.mysql.com/doc/refman/5.5/en/drop-user.html
http://dev.mysql.com/doc/refman/5.5/en/grant-table-structure.html




--
Shawn Green
MySQL Principal Technical Support Engineer
Oracle USA, Inc. - Hardware and Software, Engineered to Work Together.
Office: Blountville, TN



--
MySQL General Mailing List
For list archives: http://lists.mysql.com/mysql
To unsubscribe:http://lists.mysql.com/mysql

Re: Automatic reply: access denied to non-root@localhost null-string user in USER_PRIVILEGES

[Round Square]

On 12/26/2012 01:25 PM, Igor Shevtsov wrote:
 You mysql.user table might be corrupted.
 If you have access to it as a root user, try check table mysql.user, and 
 repair table mysql.user if table corruption was detected.
 Alternatively, shut down mysql server, cd /var/lib/mysql/mysql (to your 
 $datadir/mysql directory) and run
 mysqlcheck -r mysql user



I deleted the row with the empty user from mysql.user, then restarted the 
daemon, and all seems back to normal now.

One lingering question is:  why did mysql allow this to happen?  Could this be 
considered a bug?  After all, an inadvertent and seemingly harmless insertion 
leads to authentication failure for all users.

Are there any other known similar gotchas?  The fix for this one appears so 
trivial as to perhaps NOT call for a restore-from-backup.  But there could be 
other similar glitches that might call for that?

Thanks! 






 On 26/12/12 18:00, Round Square wrote:
 Hi all:
   Suddenly, after a long, functioning run of the mysql server, all the 
 non-root accounts went bad, with:

 Access denied for user 'non_root_user'@'localhost' (using 
 password: YES)

 Authenticating with non_root_u...@server.ip.address still works ( the 
 bind-address in my.cnf is mapped to server.ip.address )

 Poking around in puzzlement and comparing the current, broken state with the 
 functioning state (from backup) I discovered that in the broken version 
 there is this extra line in the information_schema.USER_PRIVILEGES table:

| ''@'localhost' | NULL  | USAGE  
  | NO   |
  
 (Note the null-string user prepended to @localhost)

 Again: the functional, non-broken state does NOT have this entry.  Thus, my 
 current theory is that this line is the culprit.  Prior to the failure I had 
 a surge of experimental installations, installing third-party software that 
 created mysql tables, and can't clearly retrace everything I did, at this 
 point, to pinpoint the installation that may have caused it.

 Be that as it may...

 (1) Is my theory correct?
 (2) If that line should not be there...
 (a) How do I remove it, properly? I don't have debian-sys-maint 
 privileges to delete the line. (Or do I?)
 (b) Are there other tables, besides USER_PRIVILEGES, that would need 
 to be updated/purged

 My version:
 mysql  Ver 14.14 Distrib 5.1.41, for debian-linux-gnu (i486) using readline 
 6.1





-- 
MySQL General Mailing List
For list archives: http://lists.mysql.com/mysql
To unsubscribe:http://lists.mysql.com/mysql

access denied to non-root@localhost null-string user in USER_PRIVILEGES

[Round Square]

Hi all:
 
Suddenly, after a long, functioning run of the mysql server, all the non-root 
accounts went bad, with:

   Access denied for user 'non_root_user'@'localhost' (using password: 
YES)

Authenticating with non_root_u...@server.ip.address still works ( the 
bind-address in my.cnf is mapped to server.ip.address )

Poking around in puzzlement and comparing the current, broken state with the 
functioning state (from backup) I discovered that in the broken version there 
is this extra line in the information_schema.USER_PRIVILEGES table: 

  | ''@'localhost' | NULL  | USAGE  
 | NO   |
 

(Note the null-string user prepended to @localhost)

Again: the functional, non-broken state does NOT have this entry.  Thus, my 
current theory is that this line is the culprit.  Prior to the failure I had a 
surge of experimental installations, installing third-party software that 
created mysql tables, and can't clearly retrace everything I did, at this 
point, to pinpoint the installation that may have caused it.

Be that as it may...

(1) Is my theory correct?
(2) If that line should not be there...
   (a) How do I remove it, properly? I don't have debian-sys-maint 
privileges to delete the line. (Or do I?)
   (b) Are there other tables, besides USER_PRIVILEGES, that would need to 
be updated/purged

My version:
mysql  Ver 14.14 Distrib 5.1.41, for debian-linux-gnu (i486) using readline 6.1


-- 
MySQL General Mailing List
For list archives: http://lists.mysql.com/mysql
To unsubscribe:http://lists.mysql.com/mysql

Re: access denied to non-root@localhost null-string user in USER_PRIVILEGES

[Igor Shevtsov]

You mysql.user table might be corrupted.
If you have access to it as a root user, try check table mysql.user, and 
repair table mysql.user if table corruption was detected.
Alternatively, shut down mysql server, cd /var/lib/mysql/mysql (to your 
$datadir/mysql directory) and run

mysqlcheck -r mysql user







On 26/12/12 18:00, Round Square wrote:

Hi all:
  
Suddenly, after a long, functioning run of the mysql server, all the non-root accounts went bad, with:


Access denied for user 'non_root_user'@'localhost' (using password: 
YES)

Authenticating with non_root_u...@server.ip.address still works ( the 
bind-address in my.cnf is mapped to server.ip.address )

Poking around in puzzlement and comparing the current, broken state with the 
functioning state (from backup) I discovered that in the broken version there 
is this extra line in the information_schema.USER_PRIVILEGES table:

   | ''@'localhost' | NULL  | USAGE 
  | NO   |
  


(Note the null-string user prepended to @localhost)

Again: the functional, non-broken state does NOT have this entry.  Thus, my 
current theory is that this line is the culprit.  Prior to the failure I had a 
surge of experimental installations, installing third-party software that 
created mysql tables, and can't clearly retrace everything I did, at this 
point, to pinpoint the installation that may have caused it.

Be that as it may...

(1) Is my theory correct?
(2) If that line should not be there...
(a) How do I remove it, properly? I don't have debian-sys-maint 
privileges to delete the line. (Or do I?)
(b) Are there other tables, besides USER_PRIVILEGES, that would need to 
be updated/purged

My version:
mysql  Ver 14.14 Distrib 5.1.41, for debian-linux-gnu (i486) using readline 6.1

Re: user last activity and log in

[Singer Wang]

Mellow greetings,

Enhance your calm. Lets get our facts straight and not go off our
rockers. MySQL 5.6 Enterprise edition will be able to do this natively (
https://blogs.oracle.com/MySQL/entry/new_in_mysql_enterprise_edition), but
otherwise you cannot do it natively. This does not mean
its impossible, though as there's a few easy work arounds.

1) Force all logins to use the PAM or AD authentication plugin -- if the
authentication is success then log it in AD or PAM
2) use a init-connect to log logins but that doesn't work for users with
super privileges as Keith mentioned below (thanks Keith for actually trying
to help!)
3) Write your own plugin using the MySQL Plugin APIs
4) use the McAfee Audit Plugin for MySQL (Free:
http://www.devshed.com/c/a/MySQL/McAfee-Releases-Audit-Plugin-for-MySQL-Users-86548/
)


Singer Wang
(yes, I just watched Demolition Man)



On Thu, Oct 4, 2012 at 11:29 PM, Keith Murphy bmur...@paragon-cs.comwrote:

 My friend Dave Holoboff wrote this up some time ago:


 http://mysqlhints.blogspot.com/2011/01/how-to-log-user-connections-in-mysql.html

 You know you people sound like children.

 Really  unprofessional.

 Go ahead --- call me names. i left middle school almost 30 years ago. It
 won't bother me.

 Can we knock off the name calling and actually offer advice and possible
 solutions? I thought that was what this list was for.

 For those of us out in the field doing things ... This might be your
 ticket. It requires a restart of MySQL (which may or may not be acceptable)
 bit it's a fairly clean solution.

 Minimal load, easy to query for your last connection time and how often
 connections are made by a user.

 Again, requires a restart to enable (and disable) . Oh, and users with
 super privileges won't be logged.

 Thanks,

 Keith

 --

 Keith Murphy
 Senior MySQL DBA
 Principal Trainer
 Paragon Consulting Services
 http://www.paragon-cs.com
 850-637-3877







 --

 *
 *
 (c) 850-637-3877

Re: user last activity and log in

[Singer Wang]

My bad actually, the MySQL Enterprise Audit is available in MySQL 5.5

S

On Fri, Oct 5, 2012 at 2:14 AM, Singer Wang w...@singerwang.com wrote:

 Mellow greetings,

 Enhance your calm. Lets get our facts straight and not go off our
 rockers. MySQL 5.6 Enterprise edition will be able to do this natively (
 https://blogs.oracle.com/MySQL/entry/new_in_mysql_enterprise_edition),
 but otherwise you cannot do it natively. This does not mean
 its impossible, though as there's a few easy work arounds.

 1) Force all logins to use the PAM or AD authentication plugin -- if the
 authentication is success then log it in AD or PAM
 2) use a init-connect to log logins but that doesn't work for users with
 super privileges as Keith mentioned below (thanks Keith for actually trying
 to help!)
 3) Write your own plugin using the MySQL Plugin APIs
 4) use the McAfee Audit Plugin for MySQL (Free:
 http://www.devshed.com/c/a/MySQL/McAfee-Releases-Audit-Plugin-for-MySQL-Users-86548/
 )


 Singer Wang
 (yes, I just watched Demolition Man)



 On Thu, Oct 4, 2012 at 11:29 PM, Keith Murphy bmur...@paragon-cs.comwrote:

 My friend Dave Holoboff wrote this up some time ago:


 http://mysqlhints.blogspot.com/2011/01/how-to-log-user-connections-in-mysql.html

 You know you people sound like children.

 Really  unprofessional.

 Go ahead --- call me names. i left middle school almost 30 years ago. It
 won't bother me.

 Can we knock off the name calling and actually offer advice and possible
 solutions? I thought that was what this list was for.

 For those of us out in the field doing things ... This might be your
 ticket. It requires a restart of MySQL (which may or may not be
 acceptable)
 bit it's a fairly clean solution.

 Minimal load, easy to query for your last connection time and how often
 connections are made by a user.

 Again, requires a restart to enable (and disable) . Oh, and users with
 super privileges won't be logged.

 Thanks,

 Keith

 --

 Keith Murphy
 Senior MySQL DBA
 Principal Trainer
 Paragon Consulting Services
 http://www.paragon-cs.com
 850-637-3877







 --

 *
 *
 (c) 850-637-3877

Re: user last activity and log in

[Johan De Meersman]

- Original Message -
 From: Singer Wang w...@singerwang.com
 
 2) use a init-connect to log logins but that doesn't work for users
 with super privileges as Keith mentioned below (thanks Keith for actually
 trying to help!)

That is indeed quite the nifty trick. Thanks, Keith :-)

 3) Write your own plugin using the MySQL Plugin APIs
 4) use the McAfee Audit Plugin for MySQL (Free:

Hmm. Smells of McAfee, but looks interesting. Not sure what to think :-)


-- 
Linux Bier Wanderung 2012, now also available in Belgium!
August, 12 to 19, Diksmuide, Belgium - http://lbw2012.tuxera.be

-- 
MySQL General Mailing List
For list archives: http://lists.mysql.com/mysql
To unsubscribe:http://lists.mysql.com/mysql

user last activity and log in

[Aastha]

Hello,

I want to find the last time the given list of users logged in.
Is there any mysql table from where i can retrieve the data or anyt
specific sql


Aastha Gupta

Re: user last activity and log in

[List Man]

There is no such thing.  Your application has to deal with such info.

LS


On Oct 4, 2012, at 11:28 AM, Aastha wrote:

 Hello,
 
 I want to find the last time the given list of users logged in.
 Is there any mysql table from where i can retrieve the data or anyt
 specific sql
 
 
 Aastha Gupta


-- 
MySQL General Mailing List
For list archives: http://lists.mysql.com/mysql
To unsubscribe:http://lists.mysql.com/mysql

Re: user last activity and log in

[Reindl Harald]

Am 04.10.2012 17:28, schrieb Aastha:
 I want to find the last time the given list of users logged in.
 Is there any mysql table from where i can retrieve the data or any
 specific sql

no - because this would mean a WRITE QUERY in the mysql-database
for every connection - having a web-application with hundrets
of calls per second would kill the performance

this makes pretty no sense and is NOT the job of a RDBMS
implement it in your application / db-abstraction-layer



signature.asc
Description: OpenPGP digital signature

Re: user last activity and log in

[Singer Wang]

It is possible in MySQL 5.6

S


On Thu, Oct 4, 2012 at 11:30 AM, List Man list@bluejeantime.com wrote:

 There is no such thing.  Your application has to deal with such info.

 LS


 On Oct 4, 2012, at 11:28 AM, Aastha wrote:

  Hello,
 
  I want to find the last time the given list of users logged in.
  Is there any mysql table from where i can retrieve the data or anyt
  specific sql
 
 
  Aastha Gupta


 --
 MySQL General Mailing List
 For list archives: http://lists.mysql.com/mysql
 To unsubscribe:http://lists.mysql.com/mysql

Re: user last activity and log in

[Johan De Meersman]

- Original Message -
 From: Reindl Harald h.rei...@thelounge.net
 
 this makes pretty no sense and is NOT the job of a RDBMS
 implement it in your application / db-abstraction-layer

I notice no specification of what kind of users, so I'm assuming DB users. 
There *is* such a thing: you can find it in the general query log. Turning that 
on is a considerable performance overhead, though, and so is firmly discouraged 
on production systems.


-- 
Linux Bier Wanderung 2012, now also available in Belgium!
August, 12 to 19, Diksmuide, Belgium - http://lbw2012.tuxera.be

-- 
MySQL General Mailing List
For list archives: http://lists.mysql.com/mysql
To unsubscribe:http://lists.mysql.com/mysql

Re: user last activity and log in

[Aastha]

Yes, i meant DB users.

On Thu, Oct 4, 2012 at 10:57 AM, Johan De Meersman vegiv...@tuxera.bewrote:


 - Original Message -
  From: Reindl Harald h.rei...@thelounge.net
 
  this makes pretty no sense and is NOT the job of a RDBMS
  implement it in your application / db-abstraction-layer

 I notice no specification of what kind of users, so I'm assuming DB users.
 There *is* such a thing: you can find it in the general query log. Turning
 that on is a considerable performance overhead, though, and so is firmly
 discouraged on production systems.


 --
 Linux Bier Wanderung 2012, now also available in Belgium!
 August, 12 to 19, Diksmuide, Belgium - http://lbw2012.tuxera.be

 --
 MySQL General Mailing List
 For list archives: http://lists.mysql.com/mysql
 To unsubscribe:http://lists.mysql.com/mysql

Re: user last activity and log in

[Reindl Harald]

it does not matter what kind of users

usually each application has it's own datanase and it's
own user, the application makes the connection and
can at this point log whatever you want

using the general query log can only be a bad joke
you will log EVERY query and not only logins

again: it is not the job of a RDBMS to waste I/O and
performance with such things - the application as
example could refresh it only once per user-session

the RDBMS would write blindly for each connection

Am 04.10.2012 18:18, schrieb Aastha:
 Yes, i meant DB users.
 
 On Thu, Oct 4, 2012 at 10:57 AM, Johan De Meersman vegiv...@tuxera.be 
 mailto:vegiv...@tuxera.be wrote:
 
 
 - Original Message -
  From: Reindl Harald h.rei...@thelounge.net 
 mailto:h.rei...@thelounge.net
 
  this makes pretty no sense and is NOT the job of a RDBMS
  implement it in your application / db-abstraction-layer
 
 I notice no specification of what kind of users, so I'm assuming DB 
 users. There *is* such a thing: you can
 find it in the general query log. Turning that on is a considerable 
 performance overhead, though, and so is
 firmly discouraged on production systems.



signature.asc
Description: OpenPGP digital signature

Re: user last activity and log in

[Johan De Meersman]

- Original Message -
 From: Reindl Harald rei...@thelounge.net
 
 it does not matter what kind of users

I'm happy for you that you still have all the answers anyone could ever want, 
Harald. Regardless of having any background knowledge on the circumstance of 
the question, even. You truly are a gifted individual.

 using the general query log can only be a bad joke
 you will log EVERY query and not only log-ins

Yes, which is why I specified explicitly that it is very much discouraged for 
production use.

However, it can be useful at times. I recently turned it on to investigate 
sudden, unpredictable and above all annoyingly brief peaks in the number of 
connections, and I needed to know what APPLICATION INSTANCE was responsible, 
not which particular user - as well as have a good view of what the offending 
sessions did. A tcpdump would have been an option, but given that wireshark 
still isn't too good at decoding MySQL traffic I still opted for the full query 
log. There was some more tomfoolery involved, but after almost a week of 
logging we successfully identified the culprit.

Now you may do things differently, and you may also reach a satisfactory 
solution; but I am absolutely sick and tired of hearing how your way is the 
only valid way, casually implying that the rest of the world are all bloody 
idiots that should just shut up and listen while you tell them every ridiculous 
way in which they are wrong and inferior. 

PLEASE, for your own sake - not to mention the nerves of the people around you 
- learn to accept that there are a lot of different ways to do things, and that 
sometimes people pick their optimal solution on quite different criteria than 
the ones you use. That does not necessarily make them wrong, merely different 
from you. As the Perl mantra goes, There's More Than One Way To Do It.

/Johan

-- 
Linux Bier Wanderung 2012, now also available in Belgium!
August, 12 to 19, Diksmuide, Belgium - http://lbw2012.tuxera.be

-- 
MySQL General Mailing List
For list archives: http://lists.mysql.com/mysql
To unsubscribe:http://lists.mysql.com/mysql

Re: user last activity and log in

[Reindl Harald]

Am 04.10.2012 23:12, schrieb Johan De Meersman:
 - Original Message -
 From: Reindl Harald rei...@thelounge.net

 it does not matter what kind of users
 
 I'm happy for you that you still have all the answers anyone could ever want, 
 Harald.

not all but the one to the topic

IT IS IMPOSSIBLE
MYSQL CAN NOT DO WHAT THE OP WANT

 Regardless of having any background knowledge on the circumstance of the 
 question, even.

mysql can not an dwill not log user-logins

 You truly are a gifted individual.

your opinion, but the answer to the question of the OP
is simply NO you can't

 using the general query log can only be a bad joke
 you will log EVERY query and not only log-ins
 
 Yes, which is why I specified explicitly that it is very much discouraged for 
 production use.

it is NOT the answer to the question damned
it doe NOT log the last login of a mysql user in a USEABLE form

 Now you may do things differently, and you may also reach a satisfactory 
 solution; 
 but I am absolutely sick and tired of hearing how your way is the only valid 
 way

i don't give a damn about what you are tired of

the answer to I want to find the last time the given list of users
logged in. Is there any mysql table from where i can retrieve the data
is SIMPLY NO and not a useless full query log

 casually implying that the rest of the world are all bloody idiots 

maybe in this case your conclusion i liked to call you
a bloody idiot for bringing full query log as answer
comes because you realized how useless the idea is

 that should just shut up and listen while you tell them every ridiculous 
 way in which they are wrong and inferior

maybe you should shut up yourself as long
you are hypersensible

 learn to accept that there are a lot of different ways to do things

again: your solution full query log is not one
if you can't face the truth this is your problem

 and that sometimes people pick their optimal solution on quite different 
 criteria than the ones you use. 

if someone does not like answers he should not ask questions

 There's More Than One Way To Do It.

full query og is none of them

if it takes SIX hours for your reply in the way you did here
my conclusion is that you recently came home drunken and should
go to bed



signature.asc
Description: OpenPGP digital signature

Re: user last activity and log in

[Claudio Nanni]

Hi,

2012/10/4 Reindl Harald h.rei...@thelounge.net



 Am 04.10.2012 17:28, schrieb Aastha:
  I want to find the last time the given list of users logged in.
  Is there any mysql table from where i can retrieve the data or any
  specific sql

 no - because this would mean a WRITE QUERY in the mysql-database
 for every connection - having a web-application with hundrets
 of calls per second would kill the performance

 No because MySQL does not have this facility. (5.6)
Saying that a feature is not present because the hypothetical
implementation would impact performance doesn't make much sense in my
opinion.


 this makes pretty no sense and is NOT the job of a RDBMS
 implement it in your application / db-abstraction-layer


I can suggest a reading here:
http://www.amazon.com/Implementing-Database-Security-Auditing-Examples/dp/183342

Regards
-- 
Claudio

RE: user last activity and log in

[Rick James]

In looking at a couple hundred machine, I see that
  Connections / Uptime
has a median of about 0.5 (one connection every 2 seconds)
and a max of about 140.

140 writes to some audit table _might_ have a small impact on the system.

 -Original Message-
 From: Claudio Nanni [mailto:claudio.na...@gmail.com]
 Sent: Thursday, October 04, 2012 3:51 PM
 To: Reindl Harald
 Cc: mysql@lists.mysql.com
 Subject: Re: user last activity and log in
 
 Hi,
 
 2012/10/4 Reindl Harald h.rei...@thelounge.net
 
 
 
  Am 04.10.2012 17:28, schrieb Aastha:
   I want to find the last time the given list of users logged in.
   Is there any mysql table from where i can retrieve the data or any
   specific sql
 
  no - because this would mean a WRITE QUERY in the mysql-database for
  every connection - having a web-application with hundrets of calls
 per
  second would kill the performance
 
  No because MySQL does not have this facility. (5.6)
 Saying that a feature is not present because the hypothetical
 implementation would impact performance doesn't make much sense in my
 opinion.
 
 
  this makes pretty no sense and is NOT the job of a RDBMS implement it
  in your application / db-abstraction-layer
 
 
 I can suggest a reading here:
 http://www.amazon.com/Implementing-Database-Security-Auditing-
 Examples/dp/183342
 
 Regards
 --
 Claudio

--
MySQL General Mailing List
For list archives: http://lists.mysql.com/mysql
To unsubscribe:http://lists.mysql.com/mysql

Re: user last activity and log in

[Reindl Harald]

beside the fact that msql CAN NOT do this at all

the median is not really releavt
in the median you see also night hours with zero load

on a typical webserver with load you have much more

* a cms system
* many page requests per second
* no you can not use persistent connections if you have
  let's say 100 databases and 100 domains with 500 prefork
  pcroesses because these would mean in the worst case 5
  connections
* enable query log on machines with some hundret queriers
  per second would be a self DOS and fill your disks

Am 05.10.2012 01:26, schrieb Rick James:
 In looking at a couple hundred machine, I see that
 Connections / Uptime
 has a median of about 0.5 (one connection every 2 seconds)
 and a max of about 140.
 
 140 writes to some audit table _might_ have a small impact on the system.
 
 -Original Message-
 From: Claudio Nanni [mailto:claudio.na...@gmail.com]
 Sent: Thursday, October 04, 2012 3:51 PM
 To: Reindl Harald
 Cc: mysql@lists.mysql.com
 Subject: Re: user last activity and log in

 Hi,

 2012/10/4 Reindl Harald h.rei...@thelounge.net



 Am 04.10.2012 17:28, schrieb Aastha:
 I want to find the last time the given list of users logged in.
 Is there any mysql table from where i can retrieve the data or any
 specific sql

 no - because this would mean a WRITE QUERY in the mysql-database for
 every connection - having a web-application with hundrets of calls
 per
 second would kill the performance

 No because MySQL does not have this facility. (5.6)
 Saying that a feature is not present because the hypothetical
 implementation would impact performance doesn't make much sense in my
 opinion.


 this makes pretty no sense and is NOT the job of a RDBMS implement it
 in your application / db-abstraction-layer


 I can suggest a reading here:
 http://www.amazon.com/Implementing-Database-Security-Auditing-
 Examples/dp/183342



signature.asc
Description: OpenPGP digital signature

Re: user last activity and log in

[Keith Murphy]

My friend Dave Holoboff wrote this up some time ago:

http://mysqlhints.blogspot.com/2011/01/how-to-log-user-connections-in-mysql.html

You know you people sound like children.

Really  unprofessional.

Go ahead --- call me names. i left middle school almost 30 years ago. It
won't bother me.

Can we knock off the name calling and actually offer advice and possible
solutions? I thought that was what this list was for.

For those of us out in the field doing things ... This might be your
ticket. It requires a restart of MySQL (which may or may not be acceptable)
bit it's a fairly clean solution.

Minimal load, easy to query for your last connection time and how often
connections are made by a user.

Again, requires a restart to enable (and disable) . Oh, and users with
super privileges won't be logged.

Thanks,

Keith

--

Keith Murphy
Senior MySQL DBA
Principal Trainer
Paragon Consulting Services
http://www.paragon-cs.com
850-637-3877







-- 

*
*
(c) 850-637-3877

Re: user last activity and log in

[Keith Murphy]

One small correction. Init-connect doesn't require a restart of MySQL.  I
was thinking of init-file. So that's even better.



On Thursday, October 4, 2012, Keith Murphy wrote:

 My friend Dave Holoboff wrote this up some time ago:


 http://mysqlhints.blogspot.com/2011/01/how-to-log-user-connections-in-mysql.html

 You know you people sound like children.

 Really  unprofessional.

 Go ahead --- call me names. i left middle school almost 30 years ago. It
 won't bother me.

 Can we knock off the name calling and actually offer advice and possible
 solutions? I thought that was what this list was for.

 For those of us out in the field doing things ... This might be your
 ticket. It requires a restart of MySQL (which may or may not be acceptable)
 bit it's a fairly clean solution.

 Minimal load, easy to query for your last connection time and how often
 connections are made by a user.

 Again, requires a restart to enable (and disable) . Oh, and users with
 super privileges won't be logged.

 Thanks,

 Keith

 --

 Keith Murphy
 Senior MySQL DBA
 Principal Trainer
 Paragon Consulting Services
 http://www.paragon-cs.com
 850-637-3877







 --

 *
 *
 (c) 850-637-3877



-- 

Keith Murphy
Senior MySQL DBA
Principal Trainer
Paragon Consulting Services
http://www.paragon-cs.com
850-637-3877

secure user name for MySQL account?

[Rajeev Prasad]

I am considering using cryptic username for accessing and working on a database 
on my MySQL installation. can anyone with experience provide some suggestion pl?

in documentation, i only see that it can be 16 char long. how complex it can 
be? any side effects/bugs of username complexity? can I use special characters 
in name?


please advice.


ty.

Re: secure user name for MySQL account?

[Johan De Meersman]

- Original Message -
 From: Rajeev Prasad rp.ne...@yahoo.com
 
 I am considering using cryptic username for accessing and working on
 a database on my MySQL installation. can anyone with experience
 provide some suggestion pl?

Why would you make your life hard by using cryptic usernames? Have the username 
(and db name) reflect the project it's used in or the user it belongs to, make 
sure you have a properly complex password, allow only from appropriate hosts 
and set up restrictive firewall rules. If you know how many simultaneous 
connections the application can make, you can also restrict that.


 in documentation, i only see that it can be 16 char long. how complex
 it can be? any side effects/bugs of username complexity? can I use
 special characters in name?

Avoid reserved names, also best to avoid question marks and percent signs as 
those are wildcards in some situations - even though (I think) they're not 
actually interpreted unless the user name is a single percent sign. Apart from 
that, nothing much except the 16-character limit, I think.


-- 
Linux Bier Wanderung 2012, now also available in Belgium!
August, 12 to 19, Diksmuide, Belgium - http://lbw2012.tuxera.be

-- 
MySQL General Mailing List
For list archives: http://lists.mysql.com/mysql
To unsubscribe:http://lists.mysql.com/mysql

user not able to login from localhost

[Rajeev Prasad]

i have given select/insert/update/delete rights to a user on a specific 
database, from localhost. when i try to login to mysql using the uid, i get 
error:



ERROR 1045 (28000): Access denied for user 'myuser'@'localhost' (using 
password: YES)


what other privilege do i need to give this user?

RE: user not able to login from localhost

[Rick James]

That says that your password in not correct.  You have not gotten to specific 
privileges.

Did you previously do
GRANT ... TO myuser@localhost IDENTFIED BY '...';
?

If you can get in via root, do
SHOW GRANTS FOR myuser@localhost;
SELECT * FROM mysql.user WHERE user = 'myuser';

 -Original Message-
 From: Rajeev Prasad [mailto:rp.ne...@yahoo.com]
 Sent: Monday, September 24, 2012 10:56 AM
 To: mysql list
 Subject: user not able to login from localhost
 
 i have given select/insert/update/delete rights to a user on a specific
 database, from localhost. when i try to login to mysql using the uid, i
 get error:
 
 
 
 ERROR 1045 (28000): Access denied for user 'myuser'@'localhost' (using
 password: YES)
 
 
 what other privilege do i need to give this user?

--
MySQL General Mailing List
For list archives: http://lists.mysql.com/mysql
To unsubscribe:http://lists.mysql.com/mysql

Re: user not able to login from localhost

[Michael Dykman]

On Mon, Sep 24, 2012 at 1:55 PM, Rajeev Prasad rp.ne...@yahoo.com wrote:
 i have given select/insert/update/delete rights to a user on a specific 
 database, from localhost. when i try to login to mysql using the uid, i get 
 error:



 ERROR 1045 (28000): Access denied for user 'myuser'@'localhost' (using 
 password: YES)


 what other privilege do i need to give this user?

The permission set you describe should be complete, so look more
closely at what was actually granted and how you are trying to log in.

The obvious questions:

How did you create and grant privileges to that user? Did you use:

grant select,insert,update,delete on mydb.* to mysql@localhost
identified by password('password');

or what variant exactly?

When you are trying to log in, are you doing that explicitly from the
same server or are you accessing remotely?

-- 
 - michael dykman
 - mdyk...@gmail.com

 May the Source be with you.

-- 
MySQL General Mailing List
For list archives: http://lists.mysql.com/mysql
To unsubscribe:http://lists.mysql.com/mysql

Re: user not able to login from localhost

[Ben Mildren]

Also ensure you issue: FLUSH PRIVILEGES; after making any changes to
permissions..

On 24 September 2012 20:09, Rick James rja...@yahoo-inc.com wrote:
 That says that your password in not correct.  You have not gotten to specific 
 privileges.

 Did you previously do
 GRANT ... TO myuser@localhost IDENTFIED BY '...';
 ?

 If you can get in via root, do
 SHOW GRANTS FOR myuser@localhost;
 SELECT * FROM mysql.user WHERE user = 'myuser';

 -Original Message-
 From: Rajeev Prasad [mailto:rp.ne...@yahoo.com]
 Sent: Monday, September 24, 2012 10:56 AM
 To: mysql list
 Subject: user not able to login from localhost

 i have given select/insert/update/delete rights to a user on a specific
 database, from localhost. when i try to login to mysql using the uid, i
 get error:



 ERROR 1045 (28000): Access denied for user 'myuser'@'localhost' (using
 password: YES)


 what other privilege do i need to give this user?

 --
 MySQL General Mailing List
 For list archives: http://lists.mysql.com/mysql
 To unsubscribe:http://lists.mysql.com/mysql


-- 
MySQL General Mailing List
For list archives: http://lists.mysql.com/mysql
To unsubscribe:http://lists.mysql.com/mysql

Re: secure user name for MySQL account?

[Arthur Fuller]

On this note, one thing that really bugs me about MySQL passwords is the
inability to use special characters. In the SQL Server world, I let users
choose their own passwords, but obeying these rules:

It cannot be a dictionary word or sequence of words.
It must contain at least one numeric digit.
It must contain a mix of upper and lower case.
It must contain at least one special character.

That combination makes a password very difficult to crack. I don't know why
MySQL falls so short in this respect.

Arthur
www.artfulsoftware.com

Re: secure user name for MySQL account?

[Shawn Green]

Hello Arthur,

On 9/24/2012 4:25 PM, Arthur Fuller wrote:

On this note, one thing that really bugs me about MySQL passwords is the
inability to use special characters. In the SQL Server world, I let users
choose their own passwords, but obeying these rules:

It cannot be a dictionary word or sequence of words.
It must contain at least one numeric digit.
It must contain a mix of upper and lower case.
It must contain at least one special character.

That combination makes a password very difficult to crack. I don't know why
MySQL falls so short in this respect.



MySQL continues to improve in this respect. While it's true that our 
last big security change was the enhanced password hash function 
introduced in 4.1 we have not been completely insensitive to the needs 
of our customers.  For example, check out the list of account and 
security improvements arriving in MySQL 5.6

http://dev.mysql.com/doc/refman/5.6/en/mysql-nutshell.html

In particular, the password complexity threshold can be configured using 
the new Password Validation plugin:

http://dev.mysql.com/doc/refman/5.6/en/validate-password-plugin.html

Yours,
--
Shawn Green
MySQL Principal Technical Support Engineer
Oracle USA, Inc. - Hardware and Software, Engineered to Work Together.
Office: Blountville, TN



--
MySQL General Mailing List
For list archives: http://lists.mysql.com/mysql
To unsubscribe:http://lists.mysql.com/mysql

Re: user not able to login from localhost

[Rajeev Prasad]

this is what i see:

| GRANT USAGE ON *.* TO 'myuser'@'localhost' IDENTIFIED BY PASSWORD 
'*829E20779862ACF47E2B4D9B7C6B1B1B1ADF7925' |
| GRANT SELECT, INSERT, UPDATE, DELETE, LOCK TABLES ON `mydatabase`.* TO 
'myuser'@'localhost' |
+-+


I am using phpmyadmin to manage mysql, including user privileges.




 From: Ben Mildren ben.mild...@gmail.com
To: Rajeev Prasad rp.ne...@yahoo.com 
Cc: mysql list mysql@lists.mysql.com 
Sent: Monday, September 24, 2012 2:49 PM
Subject: Re: user not able to login from localhost
 
Also ensure you issue: FLUSH PRIVILEGES; after making any changes to
permissions..

On 24 September 2012 20:09, Rick James rja...@yahoo-inc.com wrote:
 That says that your password in not correct.  You have not gotten to specific 
 privileges.

 Did you previously do
 GRANT ... TO myuser@localhost IDENTFIED BY '...';
 ?

 If you can get in via root, do
 SHOW GRANTS FOR myuser@localhost;
 SELECT * FROM mysql.user WHERE user = 'myuser';

 -Original Message-
 From: Rajeev Prasad [mailto:rp.ne...@yahoo.com]
 Sent: Monday, September 24, 2012 10:56 AM
 To: mysql list
 Subject: user not able to login from localhost

 i have given select/insert/update/delete rights to a user on a specific
 database, from localhost. when i try to login to mysql using the uid, i
 get error:



 ERROR 1045 (28000): Access denied for user 'myuser'@'localhost' (using
 password: YES)


 what other privilege do i need to give this user?

 --
 MySQL General Mailing List
 For list archives: http://lists.mysql.com/mysql
 To unsubscribe:    http://lists.mysql.com/mysql


-- 
MySQL General Mailing List
For list archives: http://lists.mysql.com/mysql
To unsubscribe:    http://lists.mysql.com/mysql

Re: user not able to login from localhost

[Rajeev Prasad]

mysql SELECT * FROM mysql.user WHERE user ='myuser';
+---+--+---+-+-+-+-+-+---+-+---+--+---++-+++--++---+--+--+-+--+--++-++--++--+--++-+--+---+-+-+--+
| Host  | User | Password  | 
Select_priv | Insert_priv | Update_priv | Delete_priv | Create_priv | Drop_priv 
| Reload_priv | Shutdown_priv | Process_priv | File_priv | Grant_priv | 
References_priv | Index_priv | Alter_priv | Show_db_priv | Super_priv | 
Create_tmp_table_priv | Lock_tables_priv | Execute_priv | Repl_slave_priv | 
Repl_client_priv | Create_view_priv | Show_view_priv | Create_routine_priv | 
Alter_routine_priv | Create_user_priv | Event_priv | Trigger_priv | ssl_type | 
ssl_cipher | x509_issuer | x509_subject | max_questions | max_updates | 
max_connections | max_user_connections |
+---+--+---+-+-+-+-+-+---+-+---+--+---++-+++--++---+--+--+-+--+--++-++--++--+--++-+--+---+-+-+--+
| localhost | myuser| *829E20779862ACF47E2B4D9B7C6B1B1B1ADF7925 | N   | 
N   | N   | N   | N   | N | N   
| N | N    | N | N  | N   | 
N  | N  | N    | N  | N | 
N    | N    | N   | N    | 
N    | N  | N   | N  | 
N    | N  | N    |  |    
| |  | 0
 |   0 |   0 |    0 |
+---+--+---+-+-+-+-+-+---+-+---+--+---++-+++--++---+--+--+-+--+--++-++--++--+--++-+--+---+-+-+--+
1 row in set (0.02 sec)

mysql 



I am looging in from the same server.





 From: Rick James rja...@yahoo-inc.com
To: Rajeev Prasad rp.ne...@yahoo.com; mysql list mysql@lists.mysql.com 
Sent: Monday, September 24, 2012 2:09 PM
Subject: RE: user not able to login from localhost
 
That says that your password in not correct.  You have not gotten to specific 
privileges.

Did you previously do
GRANT ... TO myuser@localhost IDENTFIED BY '...';
?

If you can get in via root, do
SHOW GRANTS FOR myuser@localhost;
SELECT * FROM mysql.user WHERE user = 'myuser';

 -Original Message-
 From: Rajeev Prasad [mailto:rp.ne...@yahoo.com]
 Sent: Monday, September 24, 2012 10:56 AM
 To: mysql list
 Subject: user not able to login from localhost
 
 i have given select/insert/update/delete rights to a user on a specific
 database, from localhost. when i try to login to mysql using the uid, i
 get error:
 
 
 
 ERROR 1045 (28000): Access denied for user 'myuser'@'localhost' (using
 password: YES)
 
 
 what other privilege do i need to give this user?

--
MySQL General Mailing List
For list archives: http://lists.mysql.com/mysql
To unsubscribe:    http://lists.mysql.com/mysql

(resolved) Re: user not able to login from localhost

[Rajeev Prasad]

friends,  i figure that i had to give password in quotes. i was then able to 
login. thank you all for your help and time.




 From: Rajeev Prasad rp.ne...@yahoo.com
To: Rick James rja...@yahoo-inc.com; mysql list mysql@lists.mysql.com 
Sent: Monday, September 24, 2012 4:11 PM
Subject: Re: user not able to login from localhost
 
mysql SELECT * FROM mysql.user WHERE user ='myuser';
+---+--+---+-+-+-+-+-+---+-+---+--+---++-+++--++---+--+--+-+--+--++-++--++--+--++-+--+---+-+-+--+
| Host  | User | Password  | 
Select_priv | Insert_priv | Update_priv | Delete_priv | Create_priv | Drop_priv 
| Reload_priv | Shutdown_priv | Process_priv | File_priv | Grant_priv | 
References_priv | Index_priv | Alter_priv | Show_db_priv | Super_priv | 
Create_tmp_table_priv | Lock_tables_priv | Execute_priv | Repl_slave_priv | 
Repl_client_priv | Create_view_priv | Show_view_priv | Create_routine_priv | 
Alter_routine_priv | Create_user_priv | Event_priv | Trigger_priv | ssl_type | 
ssl_cipher | x509_issuer | x509_subject | max_questions | max_updates | 
max_connections | max_user_connections |
+---+--+---+-+-+-+-+-+---+-+---+--+---++-+++--++---+--+--+-+--+--++-++--++--+--++-+--+---+-+-+--+
| localhost | myuser| *829E20779862ACF47E2B4D9B7C6B1B1B1ADF7925 | N   | 
N   | N   | N   | N   | N | N   
| N | N    | N | N  | N   | 
N  | N  | N    | N  | N | 
N    | N    | N   | N    | 
N    | N  | N   | N  | 
N    | N  | N    |  |    
| |  | 0
|   0 |   0 |    0 |
+---+--+---+-+-+-+-+-+---+-+---+--+---++-+++--++---+--+--+-+--+--++-++--++--+--++-+--+---+-+-+--+
1 row in set (0.02 sec)

mysql 



I am looging in from the same server.





From: Rick James rja...@yahoo-inc.com
To: Rajeev Prasad rp.ne...@yahoo.com; mysql list mysql@lists.mysql.com 
Sent: Monday, September 24, 2012 2:09 PM
Subject: RE: user not able to login from localhost

That says that your password in not correct.  You have not gotten to specific 
privileges.

Did you previously do
GRANT ... TO myuser@localhost IDENTFIED BY '...';
?

If you can get in via root, do
SHOW GRANTS FOR myuser@localhost;
SELECT * FROM mysql.user WHERE user = 'myuser';

 -Original Message-
 From: Rajeev Prasad [mailto:rp.ne...@yahoo.com]
 Sent: Monday, September 24, 2012 10:56 AM
 To: mysql list
 Subject: user not able to login from localhost
 
 i have given select/insert/update/delete rights to a user on a specific
 database, from localhost. when i try to login to mysql using the uid, i
 get error:
 
 
 
 ERROR 1045 (28000): Access denied for user 'myuser'@'localhost' (using
 password: YES)
 
 
 what other privilege do i need to give this user?

--
MySQL General Mailing List
For list archives: http://lists.mysql.com/mysql
To unsubscribe:    http://lists.mysql.com/mysql

Re: secure user name for MySQL account?

[Arthur Fuller]

Thanks for the update, Shawn. I'll check it out right now.

On Mon, Sep 24, 2012 at 4:40 PM, Shawn Green shawn.l.gr...@oracle.comwrote:

 Hello Arthur,


 On 9/24/2012 4:25 PM, Arthur Fuller wrote:

 On this note, one thing that really bugs me about MySQL passwords is the
 inability to use special characters. In the SQL Server world, I let users
 choose their own passwords, but obeying these rules:

 It cannot be a dictionary word or sequence of words.
 It must contain at least one numeric digit.
 It must contain a mix of upper and lower case.
 It must contain at least one special character.

 That combination makes a password very difficult to crack. I don't know
 why
 MySQL falls so short in this respect.


 MySQL continues to improve in this respect. While it's true that our last
 big security change was the enhanced password hash function introduced in
 4.1 we have not been completely insensitive to the needs of our customers.
  For example, check out the list of account and security improvements
 arriving in MySQL 5.6
 http://dev.mysql.com/doc/**refman/5.6/en/mysql-nutshell.**htmlhttp://dev.mysql.com/doc/refman/5.6/en/mysql-nutshell.html

 In particular, the password complexity threshold can be configured using
 the new Password Validation plugin:
 http://dev.mysql.com/doc/**refman/5.6/en/validate-**password-plugin.htmlhttp://dev.mysql.com/doc/refman/5.6/en/validate-password-plugin.html

 Yours,
 --
 Shawn Green

Default Values for Max User and Max Connections.

[Wayne Leutwyler]

Hello All, 

Question. In mysql 5.5 what are the defaults for these values:

max_connections = ? (is this set to 151 in 5,5)
max_user_connections = ?(is this set to unlimited unless you provide 
the exact number)?

Thank you so much. 


Wayne Leutwyler, RHCT
Open Source + Open Minds = Open Solutions
Courage is being scared to death-but saddling up anyway -John Wayne


--
MySQL General Mailing List
For list archives: http://lists.mysql.com/mysql
To unsubscribe:http://lists.mysql.com/mysql

RE: Default Values for Max User and Max Connections.

[Rick James]

After installing, do
SHOW VARIABLES LIKE 'max%';
If you don't like the values, then ad a line to my.cnf (my.ini) and restart.

For max_user_connections, I think 0 means unlimited.

 -Original Message-
 From: Wayne Leutwyler [mailto:wleut...@columbus.rr.com]
 Sent: Friday, September 21, 2012 7:04 AM
 To: mysql@lists.mysql.com
 Subject: Default Values for Max User and Max Connections.
 
 Hello All,
 
 Question. In mysql 5.5 what are the defaults for these values:
 
 max_connections = ?   (is this set to 151 in 5,5)
 max_user_connections = ?  (is this set to unlimited unless you
 provide the exact number)?
 
 Thank you so much.
 
 
 Wayne Leutwyler, RHCT
 Open Source + Open Minds = Open Solutions Courage is being scared to
 death-but saddling up anyway -John Wayne
 
 
 --
 MySQL General Mailing List
 For list archives: http://lists.mysql.com/mysql
 To unsubscribe:http://lists.mysql.com/mysql


--
MySQL General Mailing List
For list archives: http://lists.mysql.com/mysql
To unsubscribe:http://lists.mysql.com/mysql

user accounts using Active Directory

[Aastha]

Hello,

I want to create users and give access to different schema within the
database.
I also want to give them selective privileges to access the table in
different schema.

One way is to create users in MySQL and then grant with privileges.

Is there any way to give them access to MySQL database and the tables
within the schema using active directory.
Also. is there a way to create group of privileges and assign users to the
group required.


Thanks,
Aastha Gupta

Re: user accounts using Active Directory

[Ignacio Ocampo]

Hi Aastha,

I think that you can develop a Plugin to do it.

Recently, I post a plugin that allow authenticate users through LDAP Server
(
http://nafiux.com/blog/2012/08/16/mysql-ldap-authentication-plugin-clear-password-client-plugin/
).

More info about MySQL Authentication Plugins:
http://dev.mysql.com/doc/refman/5.5/en/authentication-plugins.html

You can build your own plugin with your needs.

Best regards.

On Wed, Aug 22, 2012 at 9:13 AM, Aastha aast...@gmail.com wrote:

 Hello,

 I want to create users and give access to different schema within the
 database.
 I also want to give them selective privileges to access the table in
 different schema.

 One way is to create users in MySQL and then grant with privileges.

 Is there any way to give them access to MySQL database and the tables
 within the schema using active directory.
 Also. is there a way to create group of privileges and assign users to the
 group required.


 Thanks,
 Aastha Gupta




-- 
Ignacio Ocampo Millán

Re: Fwd: why must user variable in EXECUTE USING clause ?

[Cifer Lee]

it seems none of you hava answered my question.

On Tue, Mar 27, 2012 at 7:01 AM, Walter Tross wal...@waltertross.comwrote:

 Harald,
 keep in mind that
 a) this mailing list is badly set up: unless you do a reply all, the
 reply goes only to the poster (happened to me too)
 b) Microsoft products have made inline (bottom) answering almost
 impossible. I, like many others, am forced to used Outlook at the office,
 and therefore I had to give up, and now I stick to top-posting :-(
 ciao
 W.
 P.S. the only thing I have not given up yet is not using empty lines to
 avoid the feature (?) of Outlook that glues lines together. This
 feature can be disabled/reverted (although this is not widely known)

 At 21.38 26/03/2012 +0800, Cifer Lee wrote:


 -- Forwarded message --
 From: Reindl Harald mailto:h.rei...@thelounge.net
 h.rei...@thelounge.net
 Date: Mon, Mar 26, 2012 at 9:17 PM
 Subject: Re: why must user variable in EXECUTE USING clause ?
 To: Cifer Lee mailto:mantia...@gmail.commantia...@gmail.com
 
 
 would you PLEASE send to the list instead off-list
 and put your answer BELOW instead to-posting?
 
 is it really so difficult to use mailing-lists?
 
 
 Am 26.03.2012 14:34, schrieb Cifer Lee:
  thanks for reply
  and .sorry for my poor English ...
  I wrote a procedure program which contains prepare clause , please see
 below
 
  CREATE PROCEDURE `iter_table`(IN type int)
  BEGIN
  DECLARE tablename VARCHAR(24) DEFAULT '';
  DECLARE shop_id int DEFAULT 0;
  DECLARE count int DEFAULT 0;
  DECLARE row_count int DEFAULT 0;
  DECLARE x varchar(24);
  DECLARE cur1 CURSOR FOR SELECT `id` FROM shop;
 
  SELECT COUNT(*) INTO row_count FROM shop;
 
  OPEN cur1;
  REPEAT
  FETCH cur1 INTO shop_id;
SET @shop_id := shop_id;
SET @type := type;
SET tablename= CONCAT('shop',@shop_id);
  SET @sqlstr = CONCAT('SELECT
 `id`,`name`,`repertory`,`photo`,`type`,`price`,@shop_id AS shop_id FROM
  ',tablename,' WHERE `type`=?;');
  PREPARE stat FROM @sqlstr;
  EXECUTE stat USING type; - Must be EXECUTE stat USING
 @type ;
  SET count=count+1;
  UNTIL count = row_count
  END REPEAT;
  CLOSE cur1;
  END
 
  I got an error at the red line when I creating this procedure
  and the solution is replace the 'type'  with  '@type'
 
  I found  here  http://dev.mysql.com/doc/refman/5.5/en/execute.html
 http://dev.mysql.com/doc/refman/5.5/en/execute.html
  and knows that
  /you must supply a |USING| clause that lists user variables containing
 the values to be bound to the parameters.
  Parameter values can be supplied only by user variables/,
 
  but, I don't know why .   why must parameter be user variables ? why
 can't be  local variables ,  as declared in
  DECLARE clause..
 
  thanks!
 
  On Mon, Mar 26, 2012 at 8:15 PM, Reindl Harald mailto:
 h.rei...@thelounge.neth.rei...@thelounge.net mailto:
 h.rei...@thelounge.net wrote:
 
 
 
  Am 26.03.2012 14:13, schrieb Cifer Lee:
   why can't be local variable which  declared in  DECLARE  clause?
 
  what are you speaking about?
  keep in mind that we can not read your thoughts
 
 
 Content-Type: application/pgp-signature; name=signature.asc
 Content-Disposition: attachment; filename=signature.asc
 X-Attachment-Id: 2caae85bfd1f082d_0.1
 
 
 --
 MySQL General Mailing List
 For list archives: http://lists.mysql.com/mysql
 To unsubscribe:http://lists.mysql.com/mysql

Re: why must user variable in EXECUTE USING clause ?

[Johan De Meersman]

- Original Message -
 From: Cifer Lee mantia...@gmail.com
 
 it seems none of you hava answered my question.

Yes, that happens :-)

I'm slightly confused as to the difference between user variables and local 
variables, though. Are you saying you couldn't just declare @myvar and use it 
in your code?


-- 
Bier met grenadyn
Is als mosterd by den wyn
Sy die't drinkt, is eene kwezel
Hy die't drinkt, is ras een ezel

-- 
MySQL General Mailing List
For list archives: http://lists.mysql.com/mysql
To unsubscribe:http://lists.mysql.com/mysql

Re: why must user variable in EXECUTE USING clause ?

[Reindl Harald]

Am 26.03.2012 14:13, schrieb Cifer Lee:
 why can't be local variable which  declared in  DECLARE  clause?

what are you speaking about?
keep in mind that we can not read your thoughts



signature.asc
Description: OpenPGP digital signature

Fwd: why must user variable in EXECUTE USING clause ?

[Cifer Lee]

-- Forwarded message --
From: Reindl Harald h.rei...@thelounge.net
Date: Mon, Mar 26, 2012 at 9:17 PM
Subject: Re: why must user variable in EXECUTE USING clause ?
To: Cifer Lee mantia...@gmail.com


would you PLEASE send to the list instead off-list
and put your answer BELOW instead to-posting?

is it really so difficult to use mailing-lists?


Am 26.03.2012 14:34, schrieb Cifer Lee:
 thanks for reply
 and .sorry for my poor English ...
 I wrote a procedure program which contains prepare clause , please see
below

 CREATE PROCEDURE `iter_table`(IN type int)
 BEGIN
 DECLARE tablename VARCHAR(24) DEFAULT '';
 DECLARE shop_id int DEFAULT 0;
 DECLARE count int DEFAULT 0;
 DECLARE row_count int DEFAULT 0;
 DECLARE x varchar(24);
 DECLARE cur1 CURSOR FOR SELECT `id` FROM shop;

 SELECT COUNT(*) INTO row_count FROM shop;

 OPEN cur1;
 REPEAT
 FETCH cur1 INTO shop_id;
   SET @shop_id := shop_id;
   SET @type := type;
   SET tablename= CONCAT('shop',@shop_id);
 SET @sqlstr = CONCAT('SELECT
`id`,`name`,`repertory`,`photo`,`type`,`price`,@shop_id AS shop_id FROM
 ',tablename,' WHERE `type`=?;');
 PREPARE stat FROM @sqlstr;
 EXECUTE stat USING type; - Must be EXECUTE stat USING
@type ;
 SET count=count+1;
 UNTIL count = row_count
 END REPEAT;
 CLOSE cur1;
 END

 I got an error at the red line when I creating this procedure
 and the solution is replace the 'type'  with  '@type'

 I found  here  http://dev.mysql.com/doc/refman/5.5/en/execute.html
 and knows that
 /you must supply a |USING| clause that lists user variables containing
the values to be bound to the parameters.
 Parameter values can be supplied only by user variables/,

 but, I don't know why .   why must parameter be user variables ? why
can't be  local variables ,  as declared in
 DECLARE clause..

 thanks!

 On Mon, Mar 26, 2012 at 8:15 PM, Reindl Harald h.rei...@thelounge.netmailto:
h.rei...@thelounge.net wrote:



 Am 26.03.2012 14:13, schrieb Cifer Lee:
  why can't be local variable which  declared in  DECLARE  clause?

 what are you speaking about?
 keep in mind that we can not read your thoughts


signature.asc
Description: PGP signature

-- 
MySQL General Mailing List
For list archives: http://lists.mysql.com/mysql
To unsubscribe:http://lists.mysql.com/mysql

Re: Fwd: why must user variable in EXECUTE USING clause ?

[Walter Tross]

Harald,
keep in mind that
a) this mailing list is badly set up: unless you do a reply all, the reply 
goes only to the poster (happened to me too)
b) Microsoft products have made inline (bottom) answering almost impossible. I, 
like many others, am forced to used Outlook at the office, and therefore I had 
to give up, and now I stick to top-posting :-(
ciao
W.
P.S. the only thing I have not given up yet is not using empty lines to avoid 
the feature (?) of Outlook that glues lines together. This feature can be 
disabled/reverted (although this is not widely known)

At 21.38 26/03/2012 +0800, Cifer Lee wrote:


-- Forwarded message --
From: Reindl Harald mailto:h.rei...@thelounge.neth.rei...@thelounge.net
Date: Mon, Mar 26, 2012 at 9:17 PM
Subject: Re: why must user variable in EXECUTE USING clause ?
To: Cifer Lee mailto:mantia...@gmail.commantia...@gmail.com


would you PLEASE send to the list instead off-list
and put your answer BELOW instead to-posting?

is it really so difficult to use mailing-lists?


Am 26.03.2012 14:34, schrieb Cifer Lee:
 thanks for reply
 and .sorry for my poor English ...
 I wrote a procedure program which contains prepare clause , please see below

 CREATE PROCEDURE `iter_table`(IN type int)
 BEGIN
 DECLARE tablename VARCHAR(24) DEFAULT '';
 DECLARE shop_id int DEFAULT 0;
 DECLARE count int DEFAULT 0;
 DECLARE row_count int DEFAULT 0;
 DECLARE x varchar(24);
 DECLARE cur1 CURSOR FOR SELECT `id` FROM shop;

 SELECT COUNT(*) INTO row_count FROM shop;

 OPEN cur1;
 REPEAT
 FETCH cur1 INTO shop_id;
   SET @shop_id := shop_id;
   SET @type := type;
   SET tablename= CONCAT('shop',@shop_id);
 SET @sqlstr = CONCAT('SELECT 
 `id`,`name`,`repertory`,`photo`,`type`,`price`,@shop_id AS shop_id FROM
 ',tablename,' WHERE `type`=?;');
 PREPARE stat FROM @sqlstr;
 EXECUTE stat USING type; - Must be EXECUTE stat USING @type ;
 SET count=count+1;
 UNTIL count = row_count
 END REPEAT;
 CLOSE cur1;
 END

 I got an error at the red line when I creating this procedure
 and the solution is replace the 'type'  with  '@type'

 I found  here  
 http://dev.mysql.com/doc/refman/5.5/en/execute.htmlhttp://dev.mysql.com/doc/refman/5.5/en/execute.html
 and knows that
 /you must supply a |USING| clause that lists user variables containing the 
 values to be bound to the parameters.
 Parameter values can be supplied only by user variables/,

 but, I don't know why .   why must parameter be user variables ? why can't 
 be  local variables ,  as declared in
 DECLARE clause..

 thanks!

 On Mon, Mar 26, 2012 at 8:15 PM, Reindl Harald 
 mailto:h.rei...@thelounge.neth.rei...@thelounge.net 
 mailto:h.rei...@thelounge.net wrote:



 Am 26.03.2012 14:13, schrieb Cifer Lee:
  why can't be local variable which  declared in  DECLARE  clause?

 what are you speaking about?
 keep in mind that we can not read your thoughts


Content-Type: application/pgp-signature; name=signature.asc
Content-Disposition: attachment; filename=signature.asc
X-Attachment-Id: 2caae85bfd1f082d_0.1


-- 
MySQL General Mailing List
For list archives: http://lists.mysql.com/mysql
To unsubscribe:http://lists.mysql.com/mysql